typesense
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/cliglobal package from NPM, which is the vendor's command-line tool for managing integrations. - [COMMAND_EXECUTION]: The skill executes multiple shell commands via the
membraneCLI to handle user authentication, establish connections to Typesense, and perform API operations. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection when processing search results or document content from Typesense. Ingestion points: Data enters the context via the output of
membrane action runandmembrane requestcommands. Boundary markers: No specific delimiters or instructions to ignore embedded commands are present. Capability inventory: The skill can query and retrieve arbitrary data from Typesense collections. Sanitization: The instructions do not specify any sanitization or validation for the data retrieved from the search engine.
Audit Metadata