spaycial
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the @membranehq/cli package globally via npm. This is a vendor-owned resource used for the intended functionality of the skill.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using the membrane CLI. These commands are used to manage authentication, discover actions, and interact with the Spaycial API.
- [PROMPT_INJECTION]: The skill processes data from the external Spaycial API, which presents a surface for indirect prompt injection. 1. Ingestion points: JSON output from API requests and action executions described in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: Shell access to the membrane CLI tool. 4. Sanitization: No explicit sanitization or validation of the API response is specified.
Audit Metadata