seven
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the `@membranehq/cli` package globally from the NPM registry. This is a vendor-specific tool used to interact with the Membrane platform.
- [COMMAND_EXECUTION]: The skill relies on executing `membrane` CLI commands to perform authentication, connection management, and API actions. These commands are executed locally in the user's environment to interface with the Seven API.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes data from the Seven API (e.g., goals, habit details) which could contain adversarial instructions provided by third parties.
  - Ingestion points: Data returned from `membrane action run` and `membrane request` commands (SKILL.md).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill's prompts or documentation.
  - Capability inventory: The skill possesses the capability to run further actions (`membrane action run`) and make network requests (`membrane request`), which could be leveraged if an injection is successful.
  - Sanitization: No sanitization, validation, or filtering logic for the incoming API data is mentioned in the skill definition.
Audit Metadata