Skills
skills/membranedev/application-skills/onna/Gen Agent Trust Hub

onna

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli package from the official npm registry. This utility is the primary interface for the Membrane platform and is used to manage integrations.
  • [COMMAND_EXECUTION]: Employs shell commands through the membrane CLI to handle user authentication, discover available Onna actions, and execute API requests. This includes the membrane request command which allows arbitrary endpoint interaction through a proxy.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the processing of untrusted data retrieved from the Onna platform.
  • Ingestion points: Data from search results and source content retrieved from workplace applications connected to Onna.
  • Boundary markers: The instructions do not define delimiters or warnings to ignore embedded instructions within the fetched content.
  • Capability inventory: The skill can execute platform actions (membrane action run) and perform proxied API requests (membrane request) based on processed data.
  • Sanitization: No explicit sanitization or filtering of external content is specified before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 01:14 PM