skillzrun

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package, which is a vendor-owned tool for handling authentication and API interactions safely.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) due to its interaction with external API data.
      1. Ingestion points: Untrusted data from SkillzRun enters the agent context through 'membrane action run' and 'membrane request' outputs.
      2. Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions for the API responses.
      3. Capability inventory: The skill allows network requests and action execution via the CLI.
      4. Sanitization: No sanitization of API data is specified before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 04:47 PM