supportivekoala
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is a command-line interface provided by the skill's author to manage integrations and authentication. - [COMMAND_EXECUTION]: The skill uses shell commands to interact with the
membraneCLI for logging in, managing connections, and executing actions against the Supportivekoala API. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from external API responses (e.g., customer inquiries and pipeline data). * Ingestion points: Data enters the agent context via
membrane action runandmembrane requestcommands which fetch Supportivekoala data. * Boundary markers: None explicitly defined in the provided instructions. * Capability inventory: Uses themembraneCLI to execute pre-defined actions and arbitrary API requests. * Sanitization: No specific sanitization or filtering of API responses is documented within the skill instructions.
Audit Metadata