speakeasy
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official Membrane CLI package (@membranehq/cli) from the NPM registry.
- [COMMAND_EXECUTION]: The skill uses local CLI commands to manage authentication and interact with the Speakeasy API through the Membrane proxy.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests meeting transcripts and recordings from the Speakeasy platform. \n
- Ingestion points: External data is retrieved via the
membrane action runcommand as described in SKILL.md. \n - Boundary markers: The instructions do not define specific delimiters to isolate external data from instructions. \n
- Capability inventory: The skill can execute CLI commands via
membraneand perform network operations viamembrane request. \n - Sanitization: There is no mention of sanitization or filtering for the processed records.
Audit Metadata