the-graph
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive metadata in the 'The Graph Overview' section, listing entities such as 'Calendar', 'Mailbox', and 'Drive'. These are characteristic of productivity suites and are unrelated to the described blockchain indexing service ('The Graph'), which may mislead the agent or user regarding the skill's actual capabilities.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external blockchain subgraphs. Ingestion points: Data is ingested through 'membrane action run' and 'membrane request' commands in SKILL.md. Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded in the retrieved blockchain data. Capability inventory: The skill has the capability to execute shell commands via the 'membrane' CLI and perform network requests (SKILL.md). Sanitization: There is no evidence of output sanitization or validation before the data is presented to the agent.
- [COMMAND_EXECUTION]: The skill relies on the execution of the 'membrane' CLI tool for all operations, including authentication, connection management, and data retrieval.
- [EXTERNAL_DOWNLOADS]: The instructions prompt the user to install the '@membranehq/cli' package from npm. This is a legitimate tool provided by the skill's author ('membranedev').
Audit Metadata