trackingtime
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from the official NPM registry, which is a required tool for the skill to interact with the Membrane platform. - [COMMAND_EXECUTION]: Utilizes shell commands via the
membraneCLI to manage user authentication, search for integration actions, and execute API requests to TrackingTime. - [PROMPT_INJECTION]: The skill processes data from TrackingTime (such as tasks and reports), creating a surface for indirect prompt injection where instructions embedded in project data could influence the agent. * Ingestion points: API responses processed via
membrane action runandmembrane requestin SKILL.md. * Boundary markers: None provided. * Capability inventory: Command execution via themembraneCLI. * Sanitization: None identified.
Audit Metadata