persona
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the Membrane CLI globally from the NPM registry using the command `npm install -g @membranehq/cli`. This is a vendor-provided tool required for the skill's functionality.
- [COMMAND_EXECUTION]: The skill executes various commands via the `membrane` CLI, including `membrane login`, `membrane search`, `membrane connect`, and `membrane action run`. These commands are used for session management and API interaction.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes data from the Persona API which is then interpreted by the agent.
  - Ingestion points: Data returned from `membrane action run` and `membrane request` commands (e.g., customer personas, project details).
  - Boundary markers: None present; the instructions do not include delimiters or specific guidance to ignore instructions embedded in the API responses.
  - Capability inventory: The skill can execute API actions and proxy requests to the Persona platform, allowing it to create or modify data based on the processed input.
  - Sanitization: No sanitization, escaping, or validation of the external API content is performed before the data enters the agent's context.
Audit Metadata