teamcamp
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage from npm. This is a legitimate tool provided by the author (membranedev) to interface with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to manage connections and execute project management tasks. These commands are necessary for the skill's functionality and are executed with the user's implicit permission during setup. - [PROMPT_INJECTION]: The skill processes data from Teamcamp, which represents an attack surface for indirect prompt injection if an attacker embeds instructions in project tasks or comments. This is an inherent risk of data-processing integrations rather than a malicious feature of the skill.
- Ingestion points: Data is ingested via
membrane action runandmembrane requestcommands as described in SKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded prompts are provided in the skill text.
- Capability inventory: The skill uses the
membraneCLI for all network and account operations. - Sanitization: No explicit sanitization or filtering of external API data is performed within the instructions.
Audit Metadata