Skills
skills/membranedev/application-skills/yuki/Gen Agent Trust Hub

yuki

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli global package via NPM. This tool is the official command-line interface for the Membrane platform (SKILL.md).
  • [COMMAND_EXECUTION]: The skill instructs the AI to execute various membrane CLI commands to manage authentication, search for service connectors, and perform API operations (SKILL.md).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves data from the external Yuki API which is then provided to the agent.
  • Ingestion points: Data retrieved from the Yuki API via membrane action run and membrane request (SKILL.md).
  • Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore instructions within the API response.
  • Capability inventory: The agent can use the membrane tool to list actions, run actions, and make HTTP requests (SKILL.md).
  • Sanitization: Absent. No filtering or escaping of the remote API content is performed before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 01:21 AM