papyrs
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage via npm and usingnpxto run the latest version, which are official vendor-distributed tools from the author's platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to execute actions and manage API requests, which involves shell command execution within the agent's environment. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it retrieves and processes content from Papyrs pages and comments. * Ingestion points: Data retrieved via
membrane action runandmembrane requestcommands in SKILL.md. * Boundary markers: No explicit markers or delimiters are defined in the instructions to isolate external data from instructions. * Capability inventory: Shell command execution via themembraneCLI is available across the integration. * Sanitization: No sanitization or filtering of external Papyrs content is specified in the skill's logic.
Audit Metadata