product-hunt
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI package (@membranehq/cli) from the NPM registry to function. This is a vendor-owned tool used for managing API connections.- [COMMAND_EXECUTION]: The skill executes several shell commands using the membrane CLI, including 'login', 'connect', 'action run', and 'request'. These commands are used to facilitate the interaction between the agent and the Product Hunt API.- [PROMPT_INJECTION]: The skill ingests untrusted data from Product Hunt (such as posts and comments) which constitutes an indirect prompt injection surface.
- Ingestion points: Data returned from Product Hunt via 'membrane action run' or 'membrane request' commands.
- Boundary markers: None explicitly defined in the skill instructions.
- Capability inventory: The agent can execute shell commands via the Membrane CLI.
- Sanitization: No explicit sanitization or filtering of the external data is mentioned.
Audit Metadata