integrate-anything
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to interact with the local environment and the Membrane platform.
- Evidence: Frequent use of
npx @membranehq/cliandmembranefor logging in, searching, and running actions. - [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication tokens by storing them in a predictable local directory.
- Evidence: Authentication credentials are saved to
~/.membrane/credentials.jsonfor persistence across sessions. - [EXTERNAL_DOWNLOADS]: Utilizes external packages from the NPM registry to provide its core functionality.
- Evidence: Downloads and executes the
@membranehq/clipackage vianpx. - [DATA_EXFILTRATION]: Transmits operational data and authentication information to the vendor's cloud infrastructure.
- Evidence: Communication is directed to
https://api.getmembrane.com/*, including action inputs, connector parameters, and agent prompts. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a broad vulnerability surface for indirect prompt injection due to its integration with a vast number of external services.
- Ingestion points: Data entering the agent context via API responses from 100,000+ external apps (e.g., Slack, HubSpot) through
action runandagent-sessioncommands. - Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when processing content from external API outputs.
- Capability inventory: The skill has extensive capabilities including shell command execution, file system access for credentials, and network operations.
- Sanitization: No explicit logic is defined to sanitize or validate the content returned from external APIs before it is processed by the agent.
Audit Metadata