aevent

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package via npm, which is the official tool provided by the vendor (Membrane).
  • [COMMAND_EXECUTION]: The integration relies on executing various membrane CLI commands for authentication, action discovery, and service interaction.
  • [PROMPT_INJECTION]: The skill metadata includes a misleading official documentation URL that points to Adobe Analytics instead of AEvent. Additionally, the skill's primary function of reading and processing AEvent data creates an indirect prompt injection surface. Evidence:
      1. Ingestion points: Data retrieved through action run and proxy request commands.
      2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the provided examples.
      3. Capability inventory: The skill utilizes subprocess execution for the membrane CLI and performs network requests via the Membrane proxy.
      4. Sanitization: No sanitization or validation of external content is described in the skill instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 08:55 AM