opsgenie
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to install and use the
@membranehq/clitool. This is a standard operational requirement for the vendor's integration ecosystem and does not pose an inherent security risk when used as described. - [DATA_EXFILTRATION]: While the skill performs network operations to Opsgenie and Membrane's infrastructure, these are essential for its primary function. The skill explicitly advises against handling raw credentials locally, which reduces the risk of credential exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by processing external data from Opsgenie (such as alerts or user metadata) which could potentially contain malicious instructions.
- Ingestion points: Data enters the agent context through
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: None explicitly defined in the provided instructions to separate external data from agent instructions.
- Capability inventory: The skill can perform network operations via
membrane requestand execute state-changing actions in Opsgenie viamembrane action run(SKILL.md). - Sanitization: There are no explicit instructions for the agent to sanitize or validate the content of the data retrieved from Opsgenie before processing it.
Audit Metadata