signicat
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI (@membranehq/cli) from the npm registry to facilitate platform interactions.
- [COMMAND_EXECUTION]: Utilizes the membrane command-line tool to search for connectors, manage connections, and execute integration actions.
- [PROMPT_INJECTION]: Processes data from external Signicat records, creating an attack surface for indirect prompt injection if retrieved content contains instructions. • Ingestion points: Data returned from membrane action run and membrane request (SKILL.md). • Boundary markers: Absent. • Capability inventory: Shell command execution via membrane CLI (SKILL.md). • Sanitization: Absent.
Audit Metadata