structurizr
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the
@membranehq/clipackage from the official NPM registry. This is a standard dependency provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane action run,membrane request) to perform integration tasks. These commands are consistent with the skill's purpose of managing Structurizr workspaces and diagrams. - [PROMPT_INJECTION]: The skill processes external data from the Structurizr API, which constitutes an ingestion point for potentially untrusted content. 1. Ingestion points: Data is retrieved via
membrane action runandmembrane requestcommands documented inSKILL.md. 2. Boundary markers: No specific delimiters or instructions to ignore embedded content are provided. 3. Capability inventory: The skill can execute shell commands via the Membrane CLI and perform network requests to the Structurizr API. 4. Sanitization: No explicit sanitization or validation of the retrieved API data is performed within the instructions.
Audit Metadata