productiveio
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage, which is the official command-line interface for the vendor's platform.- [COMMAND_EXECUTION]: Employs themembraneCLI to manage authentication, list actions, and execute requests against the Productive.io API.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external Productive.io API endpoints and possesses capabilities to write data back to the service. Ingestion points: Results frommembrane action runandmembrane requestcommands. Boundary markers: None specified in the instructions. Capability inventory:membrane action runfor executing pre-defined actions andmembrane requestfor arbitrary API calls. Sanitization: No explicit sanitization or validation of the retrieved external content is described before it enters the agent context.
Audit Metadata