supercast

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry. This is the official tool provided by the vendor to facilitate integration with their platform and is a necessary dependency for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill utilizes several commands for the membrane CLI to manage the lifecycle of a connection, including authentication, service discovery, and executing API actions. These operations are performed within the expected scope of a platform-based integration skill.
  • [PROMPT_INJECTION]: The skill processes data from an external source (Supercast), which creates a surface for indirect prompt injection if retrieved records contain instructions designed to influence the agent's behavior.
    • Ingestion points: Data records such as Episode descriptions, Organization names, and Member details are ingested into the agent context via CLI outputs.
    • Boundary markers: The skill's instructions define no delimiters around the retrieved data and do not tell the agent to ignore potentially malicious content within it.
    • Capability inventory: The agent has the ability to execute shell commands and perform network requests via the membrane utility.
    • Sanitization: There is no evidence of data sanitization or validation logic being applied to the Supercast data before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 05:58 AM