smartbear
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the vendor-provided command-line interface `@membranehq/cli` from the official npm registry to interact with the SmartBear integration services.
- [COMMAND_EXECUTION]: Employs shell commands via the `membrane` utility to authenticate, list existing connections, discover available API actions, and execute requests against the SmartBear platform.
- [DATA_EXFILTRATION]: The skill explicitly instructs against manual handling of API keys or tokens, instead utilizing a connection-based model where credentials are managed server-side by the vendor, significantly reducing the risk of credential exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from the SmartBear API, which represents a potential surface for indirect prompt injection if external records contain malicious instructions.
  - Ingestion points: Data retrieved from SmartBear test cases, suites, and results via `membrane action run` or `membrane request` (SKILL.md).
  - Boundary markers: None explicitly defined in the prompt templates.
  - Capability inventory: Capability to perform network requests and execute predefined actions through the vendor CLI tool.
  - Sanitization: Relies on the default safety filters of the underlying language model and the vendor's execution environment.
Audit Metadata