small-improvements
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' package from the public npm registry to interact with the vendor's platform.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing various 'membrane' CLI commands in the local shell for authentication, connection management, and running integration actions.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by passing natural language strings, such as user intents and descriptions, directly as arguments to CLI commands like 'membrane action list --intent' and 'membrane action create'.
Audit Metadata