parma
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include the global installation of the
@membranehq/clinpm package, which is necessary for the agent to communicate with the Membrane platform and the Parma API. This package is provided by the skill's vendor. - [COMMAND_EXECUTION]: The skill executes multiple commands using the
membraneCLI tool, including logging in, searching for connectors, and running specific API actions. These operations are standard for the skill's stated purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it allows user-provided data to be interpolated into CLI command arguments and API request parameters.
- Ingestion points: Untrusted data enters the agent context through the
--inputflag inmembrane action runand via query/path parameters inmembrane requestas documented inSKILL.md. - Boundary markers: The skill does not define specific delimiters or warnings to prevent the agent from interpreting instructions embedded within these data fields.
- Capability inventory: The skill has the capability to perform network requests and execute platform actions through the
membraneCLI. - Sanitization: The skill instructions do not specify any validation or sanitization routines for external data before it is passed to the CLI.
Audit Metadata