Skills
skills/membranedev/application-skills/storyous/Gen Agent Trust Hub

storyous

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the @membranehq/cli package from the npm registry. This is a legitimate vendor tool used for platform authentication.
  • [COMMAND_EXECUTION]: Uses shell commands via the membrane CLI to manage connections, discover actions, and interact with the Storyous API.
  • [REMOTE_CODE_EXECUTION]: Employs npx to execute the latest version of the Membrane CLI for dynamic action discovery.
  • [PROMPT_INJECTION]: Ingests data from the external Storyous API, which constitutes a surface for indirect prompt injection.
  • Ingestion points: Data retrieved via membrane action run and membrane request commands.
  • Boundary markers: None present in the instructions to isolate external data.
  • Capability inventory: Access to shell execution through the vendor's CLI.
  • Sanitization: No explicit validation or sanitization of API responses is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 03:44 AM