thanksio
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clitool vianpm. This is a vendor-owned utility used for managing integrations. - [COMMAND_EXECUTION]: Various shell commands using the
membraneCLI are defined to facilitate searches, authentication, and execution of Thanks.io API actions. - [PROMPT_INJECTION]: The skill processes external data retrieved from Thanks.io (such as recipient information and mailing list data), which represents a potential surface for indirect prompt injection if that data contains malicious instructions. This is a common property of API-integrating skills.
Audit Metadata