autodesk-bim-360
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via NPM. This is an official tool from the vendor used for managing integrations and authentication. - [COMMAND_EXECUTION]: The skill uses
membraneCLI commands to interact with the Autodesk BIM 360 API, which is the intended functionality for this integration. - [PROMPT_INJECTION]: The skill interacts with external data from the Autodesk BIM 360 API, creating a surface for indirect prompt injection. Ingestion points: Data retrieved from BIM 360 via CLI commands in SKILL.md. Boundary markers: No specific delimiters or safety instructions are defined in the markdown. Capability inventory: The agent can execute CLI commands and make network requests through the proxy. Sanitization: No explicit sanitization or validation of external content is described.
Audit Metadata