self-integration
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION
Full Analysis
- Dynamic Execution (MEDIUM): The skill uses the Membrane Agent API to dynamically build connectors and actions based on natural language prompts. This is a form of remote code generation where logic is defined at runtime.
- Data Exposure & Exfiltration (LOW): The skill requires a high-privilege MEMBRANE_TOKEN to interact with external services and sends action inputs and prompts to api.getmembrane.com.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data via prompts for the agent and search intents. Evidence Chain:
  1. Ingestion points: prompt field in POST /agent/sessions, intent parameter in GET /actions, and input in action runs.
  2. Boundary markers: Absent.
  3. Capability inventory: Action execution on connected apps and remote tool creation via API.
  4. Sanitization: Absent.
Audit Metadata