paigo
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is the official command-line interface for the Membrane platform and is necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill documentation provides various
membranecommand examples to search for connectors, manage connections, and execute actions. These commands are part of the intended workflow for interacting with the Paigo service through the Membrane proxy. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill emphasizes security by explicitly advising against asking users for API keys or tokens, instead utilizing Membrane's server-side connection management to handle authentication safely.
- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it retrieves and processes records from the Paigo API. While this presents a theoretical surface for indirect prompt injection if the external data contains malicious instructions, the risk is considered low and managed by standard model guardrails.
- Ingestion points: Data retrieved from Paigo API via
membrane action runormembrane request(documented inSKILL.md). - Boundary markers: None explicitly defined in the prompt instructions.
- Capability inventory: The skill uses the
membraneCLI to execute actions and network requests (SKILL.md). - Sanitization: No explicit sanitization or filtering of API responses is mentioned in the instructions.
Audit Metadata