vidizmo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is a vendor-owned tool required for the skill to function. \n- [COMMAND_EXECUTION]: The skill executes various shell commands using themembraneCLI to perform authentication, search for connectors, and run actions against the VIDIZMO service. \n- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface because it ingests data from external API responses and uses that data to inform subsequent agent actions. \n - Ingestion points: Action definitions and connection identifiers retrieved from the VIDIZMO API via
membrane action listandmembrane connection list. \n - Boundary markers: Absent; the instructions do not define delimiters or warnings to ignore instructions embedded in the API data. \n
- Capability inventory: The skill possesses the capability to execute shell commands and perform arbitrary network requests through the
membraneCLI as documented in SKILL.md. \n - Sanitization: There is no evidence of validation or sanitization applied to the data returned from VIDIZMO before it is processed by the agent.
Audit Metadata