addressfinder-australia
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage. This is a legitimate vendor resource provided by the author's organization to facilitate secure interactions with their platform. - [COMMAND_EXECUTION]: The integration relies on executing
membraneCLI commands for connection management and API request handling. These commands are consistent with the skill's primary purpose. - [PROMPT_INJECTION]: The skill processes untrusted data from an external source, creating a surface for indirect prompt injection.
- Ingestion points: Data retrieved from the AddressFinder Australia API via
membrane action runandmembrane requestcommands (e.g., address details or geocoding data). - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the external data are present in the skill's logic.
- Capability inventory: The agent has the capability to execute CLI-based network and action commands.
- Sanitization: No explicit validation or escaping of API response content is defined, which could allow maliciously crafted address data to influence the agent's behavior.
Audit Metadata