Skills
skills/membranedev/application-skills/quickemailverification/Gen Agent Trust Hub

quickemailverification

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the npm registry. This is a standard installation of the vendor's own command-line tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from an external service (QuickEmailVerification) that can contain attacker-controlled content.
  • Ingestion points: Data enters the agent context through the outputs of membrane action run and membrane request commands which fetch email verification results.
  • Boundary markers: There are no explicit instructions or delimiters defined to isolate the external data from the agent's instructions.
  • Capability inventory: The skill uses the membrane CLI to execute actions and network requests.
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 05:10 PM