product-fruits
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage via npm. This is an official tool provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The skill provides various commands for the
membraneCLI to manage connections and run actions. These are standard operational commands for the described integration. - [PROMPT_INJECTION]: The skill processes external data from the Product Fruits API, creating a surface for indirect prompt injection. 1. Ingestion points: Product Fruits API data (tours, checklists, users) accessed via
membrane requestandmembrane action run. 2. Boundary markers: The use of the--jsonflag suggests structured data handling by the CLI. 3. Capability inventory: Action execution and API proxying via the CLI. 4. Sanitization: Data sanitization and authentication are delegated to the underlying Membrane platform. No malicious patterns were identified.
Audit Metadata