softr
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from NPM. This is the official command-line tool for the Membrane platform, serving as a legitimate dependency for interacting with the service.
- [COMMAND_EXECUTION]: The instructions involve executing membrane CLI commands (membrane login, membrane connect, membrane action run, membrane request) to manage Softr integrations. These commands are integral to the skill's function and operate within the context of the user's authenticated Membrane session.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data.
  - Ingestion points: Data enters the context from Softr API responses via the membrane action run and membrane request commands.
  - Boundary markers: The instructions do not define delimiters or protective instructions to help the agent distinguish between its system goals and potentially malicious instructions embedded in the Softr data.
  - Capability inventory: The agent has the ability to run shell commands via the CLI and perform network operations through the API proxy.
  - Sanitization: There is no mention of sanitizing or validating API output before it is interpreted by the agent.