Skills
skills/membranedev/application-skills/pushbots/Gen Agent Trust Hub

pushbots

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli package globally via npm. This is the official command-line interface for the Membrane platform and is required for the skill's functionality.
  • [COMMAND_EXECUTION]: The instructions involve running various membrane CLI commands to authenticate, connect to PushBots, and execute API actions. These commands are the intended method of interaction for this integration.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves and processes data from external PushBots API endpoints.
  • Ingestion points: Data enters the agent context through the output of membrane action run and membrane request commands.
  • Boundary markers: No specific delimiters are used in the provided examples to wrap external data.
  • Capability inventory: The skill uses the membrane CLI which has the capability to perform network requests and execute predefined actions.
  • Sanitization: There are no explicit instructions for sanitizing the output from the PushBots API before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 08:56 AM