verve
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is the official command-line interface for the author's platform and is used to manage integrations safely. - [REMOTE_CODE_EXECUTION]: The skill utilizes
npxto run the vendor's official CLI tool directly. This is a common developer workflow for ensuring the latest version of a utility is used. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes data retrieved from the external Verve Group API.
- Ingestion points: External data enters the agent's context through output from the
membrane action runandmembrane requestcommands. - Boundary markers: No specific delimiters or warnings to ignore embedded instructions are present in the provided documentation.
- Capability inventory: The skill allows the agent to perform actions and make web requests through the
membraneCLI tool. - Sanitization: There is no evidence of sanitization or filtering of the external data before it is presented to the agent.
Audit Metadata