Skills
skills/membranedev/application-skills/unione/Gen Agent Trust Hub

unione

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the public npm registry. This is the official command-line interface provided by the vendor to facilitate integration.
  • [COMMAND_EXECUTION]: Shell commands are used to invoke the membrane utility for authentication (login), connection management (connect), and executing API actions (action run).
  • [DATA_EXFILTRATION]: Facilitates the transmission of data to the UniOne API. The skill uses a proxy mechanism where the vendor's platform handles authentication headers and request routing to UniOne endpoints.
  • [PROMPT_INJECTION]: The skill manages incoming communication data from sources like Email, SMS, and Viber, which creates a surface for indirect prompt injection.
  • Ingestion points: Data retrieved via membrane action run or membrane request involving user-generated message content (e.g., email bodies or SMS text) from the UniOne service.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's current configuration.
  • Capability inventory: The skill can execute shell commands via the membrane CLI and perform network requests to the UniOne API.
  • Sanitization: The instructions do not define explicit sanitization or validation logic for the content retrieved from external messaging services.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 08:12 PM