adversus
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions include installing the
@membranehq/clipackage globally via npm, which is the official CLI tool provided by the vendor. - [COMMAND_EXECUTION]: The skill relies on executing various
membraneshell commands to manage authentication, list actions, and run API requests. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of retrieving and processing external data from Adversus. 1. Ingestion points: Data is ingested from the Adversus API through actions like
get-leadand raw requests usingmembrane request. 2. Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the data retrieved from the API. 3. Capability inventory: The skill allows for data modification (write) in the Adversus platform and execution of shell commands through the CLI. 4. Sanitization: No sanitization or validation steps are defined for the content returned by the external service before it is processed by the agent.
Audit Metadata