aws-s3
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using the `membrane` CLI to manage AWS connections and perform storage operations.
- [EXTERNAL_DOWNLOADS]: Recommends installing the `@membranehq/cli` global package from NPM. This is a recognized vendor resource from `membranedev` used for platform integration.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection (Category 8) due to its interaction with external storage.
  - Ingestion points: The agent retrieves data from S3 objects using the `membrane action run` and `membrane request` commands (file: SKILL.md).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between data and potential instructions within S3 objects.
  - Capability inventory: The skill allows listing connections, running actions, and making direct API requests, which could be exploited if an ingested object contains malicious instructions.
  - Sanitization: There is no evidence of sanitization or content validation for data retrieved from S3.
Audit Metadata