wavemaker
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the official CLI tool @membranehq/cli developed by the skill author for all interactions with the WaveMaker platform.
- [COMMAND_EXECUTION]: The instructions involve executing various shell commands to manage connections and perform actions within the WaveMaker environment.
- [SAFE]: Security best practices are followed for authentication; the skill uses a browser-based login flow and explicitly advises against the manual handling of API keys or secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data retrieved from external API endpoints.
- Ingestion points: Responses from WaveMaker accessed via commands like membrane action run and membrane request.
- Boundary markers: No specific delimiters are used to wrap or isolate external data from instructions.
- Capability inventory: The agent possesses the capability to execute system commands and perform network operations via the Membrane CLI.
- Sanitization: No explicit sanitization or validation of data retrieved from the WaveMaker API is described in the integration logic.
Audit Metadata