tiki
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard practices for the Membrane platform with no malicious behaviors identified.
- [EXTERNAL_DOWNLOADS]: Installs the official
@membranehq/clitool from the npm registry, which is the intended utility for the vendor's platform. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform authenticated actions and manage data, which is standard operational behavior. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data retrieved from Tiki.
- Ingestion points: Action outputs in
SKILL.md. - Boundary markers: Absent.
- Capability inventory: Shell command execution via the
membranetool. - Sanitization: Not implemented.
Audit Metadata