thinkific
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/cliNPM package. This is a vendor-owned tool used to interact with the Membrane platform and is expected for the skill's functionality.- [COMMAND_EXECUTION]: The skill uses themembranecommand-line interface to perform actions such as searching for connectors, listing API actions, and executing requests. These commands are the primary mechanism for the skill's operation.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests data from the Thinkific API (e.g., user profiles, course descriptions, and orders). While this data enters the agent context, the skill promotes the use of structured CLI actions and JSON-based communication to minimize the risk of malicious instructions being executed.
Audit Metadata