planning-center
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
@membranehq/clifrom the NPM registry to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform authentication, search for actions, and run API requests. - [DATA_EXFILTRATION]: Sends requests to Planning Center API endpoints through the Membrane proxy service, which manages authentication headers and credential refreshes.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection as it processes untrusted data from the Planning Center API (e.g., person records, event descriptions).
- Ingestion points: External data retrieved via
membrane action runandmembrane requestcommands described in SKILL.md. - Boundary markers: No specific delimiters are defined in the instructions for separating untrusted data from agent instructions.
- Capability inventory: Shell command execution via the
membraneCLI utility. - Sanitization: Not explicitly implemented in the skill instructions; relies on the agent's underlying safety filters.
Audit Metadata