integrate-any-external-app
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to fetch and execute the `@membranehq/cli` package. This is an official utility provided by the skill author (Membrane Inc) and is used for its intended purpose of platform interaction.
- [COMMAND_EXECUTION]: The skill executes local shell commands via the Membrane CLI to manage authentication, list connections, and run actions. These operations involve accessing the tool's own credentials in `~/.membrane/credentials.json` and communicating with the vendor's API at `https://api.getmembrane.com`.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from external applications (e.g., Slack messages, Jira tickets) via integration actions.
  - Ingestion points: Data returned from external app actions (e.g., `action run`) and agent session updates (e.g., `agent-session get`).
  - Boundary markers: None explicitly defined in the provided workflow to distinguish untrusted external data from the agent's instructions.
  - Capability inventory: The skill can execute arbitrary actions on connected external apps and initiate agent sessions that generate integration code.
  - Sanitization: No explicit sanitization or filtering of external application content is described in the workflow.
Audit Metadata