servicem8
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI (@membranehq/cli) globally via npm to facilitate API interactions. This tool is provided by the skill's author to manage service integrations.
- [COMMAND_EXECUTION]: Executes various membrane CLI commands for authentication, connection management, and proxying requests to the ServiceM8 API. These commands are part of the standard operating procedure for the vendor's integration ecosystem.
- [PROMPT_INJECTION]: The skill processes data from the ServiceM8 API, which creates a potential surface for indirect prompt injection.
- Ingestion points: Output from membrane action run and membrane request commands in SKILL.md.
- Boundary markers: Absent; there are no explicit delimiters used to isolate external data from the agent's instructions.
- Capability inventory: The agent has the ability to execute commands and perform network operations through the membrane CLI tool.
- Sanitization: No explicit sanitization or validation of external API data is described in the integration instructions.
Audit Metadata