Skills
skills/membranedev/application-skills/polymer/Gen Agent Trust Hub

polymer

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally and uses npx to execute commands. These are legitimate tools provided by the vendor.
  • [COMMAND_EXECUTION]: Several membrane CLI commands are used for logging in, connecting to services, and running actions. These are standard for the tool's integration purpose.
  • [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection from data ingested via API requests. Ingestion points: Output from membrane action run and membrane request. Boundary markers: Not implemented. Capability inventory: Subprocess execution of the membrane CLI. Sanitization: No validation or sanitization of external data is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 05:17 PM