starshipit
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. This is the official command-line interface provided by the skill's author to handle authentication and secure API communication. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to manage connections and execute API actions. These operations are restricted to the vendor's platform and are necessary for the skill's primary functionality. - [PROMPT_INJECTION]: The skill is designed to process external data retrieved from the Starshipit API, which represents a surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through results returned by
membrane action runandmembrane requestcommands. - Boundary markers: The skill does not explicitly define delimiters or specific 'ignore instructions' markers for data retrieved from the API.
- Capability inventory: The skill provides capabilities to execute shell commands and modify remote data via the
membraneCLI. - Sanitization: There is no explicit mention of sanitizing or validating API responses before they are processed by the agent.
Audit Metadata