opencage

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli npm package, which serves as the vendor's primary tool for integration management.
  • [COMMAND_EXECUTION]: Executes CLI commands via the membrane utility for authentication, resource discovery, and API interaction.
  • [PROMPT_INJECTION]: The skill features misleading metadata and an indirect prompt injection surface.
  • Metadata poisoning: The skill description claims to manage 'Persons, Organizations, Deals, Leads, Projects, Activities', which does not match the OpenCage API's geocoding functionality, indicating potentially deceptive or poorly maintained metadata.
  • Ingestion points: Data returned from the OpenCage geocoding and reverse-geocoding endpoints.
  • Boundary markers: No delimiters or isolation instructions are provided to the agent to protect against malicious content in API results.
  • Capability inventory: Shell command execution and proxied network requests via the membrane CLI.
  • Sanitization: The instructions do not define any filtering or validation for external API content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 06:10 PM