signal-sciences
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI tool (@membranehq/cli) from the NPM registry to facilitate interaction with the Membrane platform.
- [REMOTE_CODE_EXECUTION]: Executes the latest version of the Membrane CLI via npx, which involves fetching and running code from a remote registry.
- [COMMAND_EXECUTION]: Uses various membrane CLI commands to manage connections, authenticate, and perform API requests against Signal Sciences.
- [PROMPT_INJECTION]: The skill ingests data from Signal Sciences (such as web request logs and security signals) which may contain attacker-controlled text, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through membrane action run and membrane request commands.
  - Boundary markers: No delimiters or specific ignore-instructions are provided to isolate the processed data from agent instructions.
  - Capability inventory: The skill possesses the ability to perform write operations (POST, PUT, PATCH, DELETE) to the Signal Sciences API via the proxy request command.
  - Sanitization: No explicit sanitization or validation of the retrieved external content is performed before processing.