planso-forms
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal package from the npm registry to interact with the service. This is a vendor-managed tool. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform various operations, including authentication (membrane login), connection management (membrane connect), and executing API actions (membrane action run). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external sources.
- Ingestion points: Data enters the agent's context through form definitions and user submissions retrieved via
membrane action runandmembrane requestcommands. - Boundary markers: The provided instructions do not include specific delimiters or guidance to treat retrieved form content as untrusted data.
- Capability inventory: The skill provides capabilities to execute further actions and make arbitrary API requests via the Membrane proxy, which could be manipulated by malicious content in a form submission.
- Sanitization: There are no instructions for the agent to sanitize or validate the content of the data retrieved from PlanSo Forms before processing it.
Audit Metadata