ragic
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is a vendor-provided tool necessary for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to execute various operations such as authentication, searching for connectors, and running database actions. These are legitimate administrative and data management commands. - [PROMPT_INJECTION]: As a data-fetching skill, it processes external content from Ragic databases which constitutes an attack surface for indirect prompt injection.
- Ingestion points: Data is ingested via
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: No explicit delimiters are used to wrap data returned from the CLI.
- Capability inventory: The skill has the ability to execute shell commands via the CLI and perform network requests through the Membrane proxy.
- Sanitization: No specific sanitization or filtering of the Ragic data is described in the prompt logic.
Audit Metadata