simplero
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane command-line interface using
npm install -g @membranehq/cliand usesnpxto run actions. These are vendor-owned resources used to facilitate the connection between the agent and the platform.\n- [COMMAND_EXECUTION]: The skill executes various shell commands via themembraneCLI to manage user authentication, list available connections, and perform API operations on Simplero.\n- [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection as it retrieves and processes data from Simplero (such as notes or email content) that may contain instructions from untrusted external actors.\n - Ingestion points: Untrusted data enters the agent context via the output of
membrane action runandmembrane requestcommands.\n - Boundary markers: There are no documented boundary markers or system instructions to disregard embedded commands in the fetched data.\n
- Capability inventory: The skill can perform write operations and modify Simplero data using
membrane action runandmembrane request.\n - Sanitization: No explicit sanitization or validation of the retrieved data is mentioned in the skill instructions.
Audit Metadata