astronomer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official Membrane CLI package (@membranehq/cli) globally via npm. This package is provided by the skill vendor.
- [COMMAND_EXECUTION]: Uses the membrane CLI to execute discovered actions and make network requests to the Astronomer API. The skill uses dynamic action IDs and input parameters retrieved during runtime.
- [PROMPT_INJECTION]: The skill processes data from the Astronomer API, which presents a surface for indirect prompt injection. 1. Ingestion points: Output from 'membrane action list' and 'membrane request' commands. 2. Boundary markers: No explicit delimiters or boundary markers are used to separate API responses from the agent's instructions. 3. Capability inventory: The skill can execute actions and make arbitrary network requests via the CLI. 4. Sanitization: No sanitization of the external data is described before it enters the agent's context.
Audit Metadata