surveysparrow

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of @membranehq/cli via npm. This is an official utility provided by the vendor (Membrane) to facilitate platform integrations.
  • [COMMAND_EXECUTION]: The documentation outlines the use of the membrane CLI to perform tasks such as action discovery and API request proxying. These commands are standard for the intended functionality of the skill.
  • [PROMPT_INJECTION]: The skill processes data from the SurveySparrow API, creating a surface for indirect prompt injection.
      1. Ingestion points: SurveySparrow API responses (SKILL.md).
      2. Boundary markers: None.
      3. Capability inventory: membrane action run and membrane request commands (SKILL.md).
      4. Sanitization: None described.
  • [CREDENTIALS_UNSAFE]: The skill adheres to secure credential management practices by delegating authentication to the Membrane platform and advising against the manual collection of API keys or tokens.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 09:58 AM