tempo
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the npm registry. This package is an official tool provided by the vendor to facilitate secure API communication and authentication.
- [COMMAND_EXECUTION]: The instructions utilize the `membrane` command-line interface to interact with Tempo. This includes operations for authentication, connection management, and data retrieval/manipulation. These operations are scoped to the intended functionality of the skill.
- [PROMPT_INJECTION]: The skill processes data fetched from Tempo endpoints, which constitutes a surface for indirect prompt injection if external data (such as worklog descriptions) contains malicious instructions.
  - Ingestion points: Data returned from `membrane action run`, `membrane action list`, and `membrane request` commands.
  - Boundary markers: Absent. The instructions do not define specific delimiters to isolate external data from the agent's instructions.
  - Capability inventory: Execution of shell commands via the `membrane` CLI tool.
  - Sanitization: Absent. The skill relies on the agent's default handling of tool outputs.
Audit Metadata