shortio
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
@membranehq/clipackage from the npm registry, which is the primary interface for interacting with the Membrane platform. - [COMMAND_EXECUTION]: Employs shell commands via the
membraneCLI to perform operations such as authentication, searching for available Short.io actions, and executing API requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data retrieved from the Short.io API. Malicious instructions embedded in link data or statistics could potentially influence the agent's logic.
- Ingestion points: Output from
membrane action runandmembrane requestcommands. - Boundary markers: The instructions do not define specific delimiters or guardrails for handling retrieved API data.
- Capability inventory: Capability to execute shell commands and network requests through the
membraneCLI. - Sanitization: No explicit validation or filtering of the remote API response is documented.
Audit Metadata