plate-recognizer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage from the npm registry. This is an official tool provided by the vendor (Membrane) to manage service integrations and authentication. - [COMMAND_EXECUTION]: The skill utilizes several
membraneCLI commands, includinglogin,connect, andaction run, to interact with the Plate Recognizer API. These commands are necessary for the skill's primary functionality and are executed through the vendor's official command-line interface. - [PROMPT_INJECTION]: The skill ingests data from the external Plate Recognizer API, which represents a surface for indirect prompt injection (Category 8). Ingestion points include output from
membrane action runandmembrane requestcommands. There are no explicit boundary markers or sanitization routines defined in the skill documentation to mitigate malicious instructions that could be embedded in the API responses.
Audit Metadata