radar
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry, which is the official tool for interacting with the vendor's platform. - [COMMAND_EXECUTION]: Provides instructions for executing shell commands using the
membraneCLI to manage authentication, search for connectors, and run actions. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it retrieves and processes data from the external Radar API.
- Ingestion points: External data enters the agent context through responses from Radar API actions and proxy requests (SKILL.md).
- Boundary markers: Absent; the skill does not define specific delimiters or instructions to prevent the agent from obeying commands embedded in the retrieved Radar data.
- Capability inventory: The skill possesses the ability to execute shell commands and perform network operations via the Membrane CLI (SKILL.md).
- Sanitization: There is no mention of sanitization or validation of the data fetched from the external API before it is processed by the agent.
Audit Metadata