soci
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage, which is the official CLI tool provided by the vendor (membranedev) for platform operations. - [COMMAND_EXECUTION]: The skill guides the agent to use the
membranecommand-line utility for authenticating, searching for actions, and executing API requests. - [PROMPT_INJECTION]: The skill handles data from the external Soci platform, which constitutes an indirect prompt injection surface. 1. Ingestion points: Data returned from Soci API calls via
membrane action runandmembrane request. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution of themembraneCLI and network proxying. 4. Sanitization: No explicit data sanitization or validation logic is specified in the instructions.
Audit Metadata