8x8
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package, an official tool from the vendor.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform 8x8 actions and proxy API requests.
- [PROMPT_INJECTION]: The skill ingests data from 8x8 which presents a surface for indirect prompt injection. 1. Ingestion points: API outputs from the membrane CLI. 2. Boundary markers: Not present. 3. Capability inventory: Shell command execution via membrane CLI. 4. Sanitization: Not implemented.
Audit Metadata