Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the `@membranehq/cli` package from the npm registry, which is the official tool for the platform.
- [REMOTE_CODE_EXECUTION]: The instructions utilize `npx @membranehq/cli@latest` to discover available actions, a pattern that involves downloading and executing the latest version of the CLI tool from a remote repository at runtime.
- [COMMAND_EXECUTION]: The skill requires the agent to execute multiple shell commands through the `membrane` CLI to handle authentication, search for connectors, and run integration actions.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
  - Ingestion points: The agent is instructed to parse and act upon JSON output from commands like `membrane action list` and `membrane search`.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between legitimate data and potential instructions embedded in the API responses.
  - Capability inventory: The agent can perform significant operations including running arbitrary actions (`membrane action run`), making proxied HTTP requests (`membrane request`), and managing platform connections.
  - Sanitization: The skill lacks instructions for sanitizing or validating external data retrieved from the CLI before it is processed by the agent.