plasmic
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypasses were detected. The skill uses standard CLI tools for its intended purpose.\n- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is a trusted vendor resource provided by the author to facilitate secure integration.\n- [COMMAND_EXECUTION]: Utilizes themembraneCLI to manage connections, discover actions, and run API requests. These commands are necessary for the skill's functionality and do not involve unauthorized privilege escalation.\n- [PROMPT_INJECTION]: The skill interacts with external Plasmic data, which serves as a potential surface for indirect prompt injection. No malicious payloads were found in the static content.\n - Ingestion points: Plasmic API responses and project content retrieved via
membrane action runormembrane request(SKILL.md).\n - Boundary markers: None explicitly defined in the provided usage patterns.\n
- Capability inventory: The skill uses the
membraneCLI to read, search, and run actions which can modify Plasmic data (SKILL.md).\n - Sanitization: Relies on the Membrane platform's internal handling of API proxying and action execution.
Audit Metadata