voiceflow
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured way to interact with Voiceflow using the vendor's official CLI, following security best practices for authentication and credential management.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install `@membranehq/cli` from the NPM registry. This is a legitimate dependency from the skill author's organization.
- [COMMAND_EXECUTION]: The skill relies on the `membrane` CLI to execute actions and proxy requests. These commands are used as intended for the primary purpose of the skill.
- [PROMPT_INJECTION]: The skill processes data from external Voiceflow endpoints, which creates a surface for indirect prompt injection.
  1. Ingestion points: Data is received via `membrane action run` and `membrane request` calls in SKILL.md.
  2. Boundary markers: The instructions do not specify delimiters or warnings for the agent when processing external data.
  3. Capability inventory: The skill utilizes CLI commands for network requests and data management.
  4. Sanitization: No explicit validation or sanitization of the Voiceflow API response is defined.
Audit Metadata