privyr

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the Membrane CLI package (@membranehq/cli@latest) from the npm registry, which is the official tool provided by the vendor to facilitate platform interactions.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform various operations, including authentication, connection management, and record manipulation via shell commands.
  • [DATA_EXFILTRATION]: Implements secure credential handling by using Membrane's server-side authentication lifecycle. The instructions explicitly direct the agent to avoid requesting or storing sensitive API keys locally, reducing the risk of accidental credential exposure.
  • [PROMPT_INJECTION]: The skill processes external data retrieved from Privyr actions, which represents a potential surface for indirect prompt injection.
  • Ingestion points: Data returned from the membrane action list and membrane action run commands is ingested into the agent context.
  • Boundary markers: Absent; the instructions do not specify the use of delimiters to distinguish external data from instructions.
  • Capability inventory: The agent possesses the capability to execute shell commands via the membrane CLI tool.
  • Sanitization: Absent; there is no evidence of explicit sanitization or validation of the data retrieved from the external service.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 11:42 AM