tookan
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install and execute the
membranecommand-line interface. This includes global installation via npm and the use of various subcommands (login,search,connect,action run,request) to manage connections and interact with the Tookan API. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is a vendor-provided tool designed to facilitate authenticated API interactions and connection management. - [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill retrieves and processes data from external sources (the Tookan API), such as task descriptions, customer records, and reports. If these fields contain malicious instructions, they could influence the agent's behavior.
- Ingestion points: Data returned from Tookan actions or proxy requests executed via the CLI.
- Boundary markers: No specific delimiters or warnings are provided to isolate untrusted external data from the agent's instructions.
- Capability inventory: The agent has shell command execution capabilities and authenticated access to external service APIs.
- Sanitization: The skill does not provide instructions for sanitizing, validating, or escaping content retrieved from the external API before processing.
Audit Metadata