practitest

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs operations on the host system by executing the membrane CLI tool. These commands are used for user authentication, connecting to the PractiTest service, and executing API actions through the vendor's platform.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @membranehq/cli package globally via npm and uses npx to run the latest version. These packages are official tools provided by the skill's author and are hosted on the standard npm registry.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it accepts arbitrary user input to define an "intent" or "input" and places these strings directly into shell command arguments.
      • Ingestion points: The intent parameter in membrane action list and the input JSON string in membrane action run (SKILL.md).
      • Boundary markers: Absent; there are no instructions to use delimiters or to treat these parameters as data rather than instructions.
      • Capability inventory: The agent can execute arbitrary commands via the CLI and perform authenticated network requests to the PractiTest API (SKILL.md).
      • Sanitization: Absent; the skill does not specify any sanitization, escaping, or validation of user-supplied data before passing it to the command line.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 06:41 PM