schoology
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the NPM registry. This tool belongs to the skill's authoring organization and is used for platform interaction. \n- [COMMAND_EXECUTION]: The skill makes extensive use of themembraneCLI to authenticate, manage connections, and execute actions on Schoology. These are intended behaviors for the skill's purpose. \n- [PROMPT_INJECTION]: The skill ingests user-generated content from Schoology (such as assignments and discussion posts), which introduces a risk of indirect prompt injection. \n - Ingestion points: External data retrieved from Schoology via API actions (SKILL.md). \n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided. \n
- Capability inventory: The agent can execute various CLI commands and API requests using the
membranetool (SKILL.md). \n - Sanitization: There is no evidence of content sanitization or validation before the data is processed by the agent.
Audit Metadata