textanywhere
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to execute commands for connection management and API action execution. - [EXTERNAL_DOWNLOADS]: The instructions require installing the
@membranehq/clipackage from the npm registry, which is the official tool from the vendor (membranedev). - [PROMPT_INJECTION]: The skill retrieves message and contact data from the TextAnywhere API, creating a surface for indirect prompt injection.
- Ingestion points: Data is retrieved via
membrane action runandmembrane request(SKILL.md). - Boundary markers: None identified.
- Capability inventory: Subprocess execution and network access via the
membraneCLI (SKILL.md). - Sanitization: None identified.
Audit Metadata