unblu
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/cliglobal package from the npm registry. This is a verified tool provided by the vendor for interacting with the Membrane ecosystem. - [COMMAND_EXECUTION]: Provides instructions for using the
membranecommand-line interface to authenticate, connect to Unblu, and execute various actions or API requests. - [PROMPT_INJECTION]: The skill is designed to process data from Unblu, such as messages and conversation records, which constitutes an indirect prompt injection surface.
- Ingestion points: External data enters the agent context through CLI commands like
membrane action runandmembrane request(SKILL.md). - Boundary markers: There are no specific delimiters or markers defined to separate untrusted Unblu data from agent instructions.
- Capability inventory: The skill enables the execution of shell commands through the
membraneCLI (SKILL.md). - Sanitization: The skill does not prescribe specific sanitization or validation steps for data retrieved from the Unblu API.
Audit Metadata