arcgis-online
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally. This is an official utility provided by the vendor (membranedev) to facilitate the connection.
- [COMMAND_EXECUTION]: The skill relies on executing the membrane CLI to perform authentication, list actions, and run API requests. This is the primary intended mechanism for the skill's functionality.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting data from ArcGIS Online. * Ingestion points: Data enters the context via actions like get-item, get-user, and search-items in SKILL.md. * Boundary markers: No delimiters are specified to distinguish external data from the agent's core instructions. * Capability inventory: The agent has the capability to execute shell commands through the membrane CLI. * Sanitization: There is no documentation of sanitization or filtering of the content returned by the ArcGIS Online API.
Audit Metadata