Skills
skills/membranedev/application-skills/sheetdb/Gen Agent Trust Hub

sheetdb

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations like searching, connecting, and running actions. These commands are restricted to the vendor's own platform utilities.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli package from the npm registry. This is a vendor-owned package necessary for the skill's operation.
  • [SAFE]: The skill explicitly instructs the agent to let the platform handle authentication, avoiding the collection or storage of sensitive API keys or secrets within the agent's environment.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it processes data from external spreadsheets.
  • Ingestion points: Data returned from membrane action run and membrane request in SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Subprocess execution via membrane CLI for API interactions.
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 07:12 PM