Skills
skills/membranedev/application-skills/amazon-cognito/Gen Agent Trust Hub

amazon-cognito

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally using npm. This is a vendor-owned tool required for the skill's primary functionality.
  • [COMMAND_EXECUTION]: Utilizes the membrane command-line tool to perform operations such as searching for connectors, establishing connections, and executing API actions.
  • [PROMPT_INJECTION]: The skill retrieves and processes external data which constitutes an indirect prompt injection surface.
  • Ingestion points: Tool outputs from membrane action list and membrane connection list (referenced in SKILL.md).
  • Boundary markers: None identified.
  • Capability inventory: Includes the ability to run shell commands and make network requests via membrane action run and membrane request.
  • Sanitization: No explicit sanitization of tool output is defined within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 01:14 PM