paragon
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally from npm. This is a vendor-controlled tool required for authentication and API interaction. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations including user login, connection management, and running API actions or proxy requests. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the following vectors:
- Ingestion points: Data is retrieved from various Paragon objects like 'Comment', 'Note', 'Email', and 'Task' which typically contain user-generated content.
- Boundary markers: The instructions do not define clear delimiters or data-wrapping techniques to prevent the agent from misinterpreting retrieved content as new instructions.
- Capability inventory: The skill allows for data modification via
membrane action runandmembrane request, providing an execution path if the agent is influenced by malicious data. - Sanitization: There is no documentation of sanitization or filtering logic applied to external data before it enters the agent's context.
Audit Metadata