strapi
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official npm registry. This is a standard requirement for using the vendor's platform tools. - [COMMAND_EXECUTION]: The skill executes various shell commands via the
membraneCLI, includinglogin,search,connect, andaction run. These commands are used to manage the lifecycle of the Strapi integration and interact with the CMS data. - [PROMPT_INJECTION]: As an integration that retrieves data from an external CMS, the skill possesses an inherent surface for indirect prompt injection if the Strapi content contains malicious instructions.
- Ingestion points: Data retrieved from Strapi via
membrane action runandmembrane requestcommands (found in SKILL.md). - Boundary markers: None are explicitly defined in the provided usage examples.
- Capability inventory: Shell command execution via the
membraneCLI (found in SKILL.md). - Sanitization: No specific sanitization or escaping logic is detailed; the skill relies on the agent's internal safety mechanisms when processing retrieved content.
Audit Metadata