victorops
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation and use of the
@membranehq/clipackage from the official npm registry. This is a standard tool provided by the vendor (membranedev) to facilitate platform integrations. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as searching for actions, connecting to services, and running VictorOps API requests. These commands are legitimate and consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from the VictorOps API (incidents, schedules, etc.).
- Ingestion points: Output from
membrane action runandmembrane requestcommands inSKILL.md. - Boundary markers: None are explicitly defined in the provided instructions for handling retrieved data.
- Capability inventory: The agent can execute system commands via the
membraneCLI as described inSKILL.md. - Sanitization: The instructions do not specify sanitization for data returned from the external API.
Audit Metadata