smartsheet
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` Node.js package. This is a legitimate tool provided by the vendor (Membrane) to facilitate the integration.
- [COMMAND_EXECUTION]: The skill executes several CLI commands (`membrane login`, `membrane action`, `membrane request`) to manage authentication and interact with the Smartsheet API.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests and processes data from external Smartsheet resources.
  - Ingestion points: Data from Smartsheet rows, cells, and sheets retrieved via CLI actions.
  - Boundary markers: Absent.
  - Capability inventory: The skill can modify or delete data using `update-rows` and `delete-sheet` actions, and perform arbitrary HTTP requests via the `membrane request` proxy.
  - Sanitization: No explicit sanitization or filtering of external content is described in the prompt instructions.
Audit Metadata