Skills
skills/membranedev/application-skills/proxy-spider/Gen Agent Trust Hub

proxy-spider

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the membrane CLI to perform operations such as searching for connectors, establishing connections, and running service actions. This is the standard and intended method for interacting with the Membrane platform.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official NPM registry. This is the official utility provided by the vendor (Membrane) and is a trusted dependency for this integration.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is identified because the skill ingests data from the external Proxy Spider API.
  • Ingestion points: Output from membrane action list, membrane connection list, and membrane request as described in SKILL.md.
  • Boundary markers: None are explicitly defined in the instructions to separate API data from agent instructions.
  • Capability inventory: The skill utilizes the membrane CLI for platform interactions, providing a range of capabilities for data management.
  • Sanitization: No sanitization or validation of external API content is mentioned in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 06:09 PM