workiom
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the npm registry. This is an official tool provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as logging in, creating connections, and running actions. These commands are necessary for the skill's primary function of managing Workiom data. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes data retrieved from the Workiom API.
- Ingestion points: Data returned from
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: Absent; there are no specific instructions to treat the external data as untrusted or to use delimiters.
- Capability inventory: The agent can execute CLI commands and make network requests via the proxy (SKILL.md).
- Sanitization: Absent; the skill does not explicitly describe sanitization or validation of the data retrieved from Workiom.
Audit Metadata