u301
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
@membranehq/clipackage globally via npm. This is a vendor-owned package used for the skill's core functionality. - [COMMAND_EXECUTION]: The skill relies on executing shell commands through the
membraneCLI tool to perform authentication, discover API actions, and execute requests against the U301 service. - [PROMPT_INJECTION]: The skill processes external data retrieved from the U301 API via
membrane action runandmembrane requestcommands. - Ingestion points: Data returned from the U301 API endpoints (referenced in SKILL.md).
- Boundary markers: None present; the skill does not explicitly instruct the agent to use delimiters when processing API responses.
- Capability inventory: Subprocess execution of the
membraneCLI tool across all integration steps (SKILL.md). - Sanitization: No specific sanitization or validation steps are defined for the data received from the external API.
Audit Metadata