porter
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the installation of the @membranehq/cli package from npm. This is a legitimate tool provided by the author (membranedev) to facilitate the integration.
- [COMMAND_EXECUTION]: The skill instructions utilize the membrane CLI to manage connections and execute actions. This is the intended behavior of the skill and does not involve arbitrary or malicious command execution.
- [DATA_EXFILTRATION]: Network operations are conducted through the membrane request command, which proxies requests to the Porter API. These operations are used for legitimate data management tasks as described in the skill's purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from the external Porter API.
  - Ingestion points: Data retrieved from Porter via membrane action run and membrane request commands.
  - Boundary markers: Not present in the instruction text.
  - Capability inventory: Subprocess execution via membrane CLI and network access via proxy.
  - Sanitization: The skill relies on the platform's default handling of tool outputs.
Audit Metadata