partnerize

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package via npm and uses npx to execute the latest version of the tool. These are official resources provided by the skill author's organization.
  • [COMMAND_EXECUTION]: The agent is instructed to execute CLI commands such as membrane login, membrane connect, and membrane action run to manage authentication and interact with the Partnerize platform.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it processes data retrieved from the Partnerize API.
      1. Ingestion points: Content returned from membrane action run and membrane request commands.
      2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the prompt logic.
      3. Capability inventory: The agent has the ability to execute subprocess commands via the membrane CLI.
      4. Sanitization: The skill relies on the structured JSON output of the CLI tool but does not implement further content filtering or validation of the API data.

Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 11, 2026, 12:20 PM