amazon-eventbridge
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official Membrane CLI (@membranehq/cli) from the public NPM registry.- [COMMAND_EXECUTION]: Uses the membrane CLI to perform authentication, manage cloud connections, and execute event-driven actions.- [PROMPT_INJECTION]: Uses natural language descriptions to search for or generate API actions, creating a surface for indirect prompt injection.
- Ingestion points: User-provided strings for action intents and descriptions.
- Boundary markers: Absent in the command-line templates.
- Capability inventory: Ability to run dynamically created or discovered actions via the CLI.
- Sanitization: Relies on the Membrane platform's internal validation and processing of action definitions.
Audit Metadata