slottable
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli tool from the NPM registry to enable platform integration.
- [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI to perform actions such as connection management and API requests.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection during the processing of external data from the Slottable API.
- Ingestion points: API response data retrieved via membrane action run and membrane request commands in SKILL.md.
- Boundary markers: No explicit delimiters or instructions are used to separate API data from agent instructions.
- Capability inventory: The skill allows the execution of shell commands through the membrane CLI.
- Sanitization: No sanitization or validation of retrieved API data is performed before processing.
Audit Metadata