teamgantt
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to interact with TeamGantt. It performs operations such as listing connections, searching for available actions, and running project-related actions like task management. - [EXTERNAL_DOWNLOADS]: The instructions direct users to install the
@membranehq/clipackage from npm. This is the official tool provided by the vendor (membranedev) for the platform the skill is designed to work with. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it retrieves and processes project data from TeamGantt, such as task names and comments, which could potentially contain malicious instructions.
- Ingestion points: Data is ingested via TeamGantt API responses through
membrane action runandmembrane requestcommands. - Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent to use when processing external data.
- Capability inventory: The agent can perform a variety of actions including reading and writing data to TeamGantt and executing CLI commands.
- Sanitization: There are no explicit sanitization steps described to validate or filter data retrieved from TeamGantt records.
Audit Metadata