raet
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from npm and utilizes `npx` to run the latest version. This package is an official tool provided by the vendor 'membranedev'.
- [COMMAND_EXECUTION]: The skill relies on several shell commands executed via the Membrane CLI, including `membrane login`, `membrane action list`, `membrane action run`, and `membrane request`, to perform its primary functions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes dynamic data from the Raet/Membrane API to discover and execute actions.
  - Ingestion points: Data returned from `membrane action list` (action IDs and input schemas) and `membrane connection list` (connection IDs).
  - Boundary markers: None; there are no instructions provided to the agent to treat fetched action descriptions or schemas as untrusted content.
  - Capability inventory: The skill can execute arbitrary actions (`membrane action run`) and make network requests (`membrane request`) based on the fetched data.
  - Sanitization: There is no evidence of sanitization or validation performed on the action definitions before they are used to generate CLI commands.
Audit Metadata