usersketch
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli npm package. This is a legitimate tool provided by the vendor for interacting with their platform and does not escalate the security risk.- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to execute API actions and requests. These commands are standard for the intended integration and are used to manage connections and data.- [PROMPT_INJECTION]: The skill processes qualitative user feedback and research data from UserSketch, which constitutes a surface for indirect prompt injection. 1. Ingestion points: Data is retrieved via membrane action run and membrane request as described in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill can perform network operations via the Membrane CLI. 4. Sanitization: No specific sanitization or validation of the retrieved data is mentioned.
Audit Metadata