pymetrics
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the official Membrane CLI package (@membranehq/cli) from the npm registry. This is an expected dependency for skills authored by the vendor.
- [COMMAND_EXECUTION]: The instructions utilize the `membrane` command-line tool for authenticated operations, searching for connectors, and executing actions. These commands are necessary for the skill's documented functionality and are performed within the vendor's ecosystem.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests and processes data from the Pymetrics platform.
  1. Ingestion points: External data retrieved from Pymetrics via `membrane action run` and `membrane request` (SKILL.md).
  2. Boundary markers: Absent; there are no specific instructions to the agent to disregard embedded commands in the fetched data.
  3. Capability inventory: The agent can execute shell commands using the `membrane` tool as documented in SKILL.md.
  4. Sanitization: No evidence of data sanitization or escaping before processing external content.
Audit Metadata