textline
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry to facilitate service interaction.
- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to manage authentication, discover actions, and run integration tasks.
- [DATA_EXFILTRATION]: The skill uses the membrane request command to send data to Textline API endpoints via an authenticated proxy.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external content from Textline messages. Ingestion points: External data from Textline conversations retrieved via CLI commands (SKILL.md). Boundary markers: The skill does not define specific delimiters to isolate untrusted content. Capability inventory: The skill has the ability to run shell commands and perform network operations via the membrane CLI. Sanitization: No explicit sanitization or validation of the retrieved message content is described.
Audit Metadata