push-by-techulus

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from the Push by Techulus API.
      • Ingestion points: Data enters the agent context via the output of membrane action run and membrane request commands in SKILL.md.
      • Boundary markers: There are no specific delimiters or instructions provided to the agent to disregard potentially malicious instructions within the API responses.
      • Capability inventory: The skill allows the agent to execute actions and network requests, which could be exploited if malicious content in API data is obeyed.
      • Sanitization: No explicit sanitization or validation logic is defined for the external data retrieved.
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from NPM. This is a vendor-owned resource from membranedev and is considered a safe dependency for this skill.
  • [COMMAND_EXECUTION]: The skill relies on executing membrane CLI commands to perform its functions. These commands are standard for the platform and are used to manage connections and run actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 12:50 PM