balena
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install and execute the
@membranehq/clitool globally to perform actions like searching for connectors, connecting accounts, and running Balena-specific tasks. - [EXTERNAL_DOWNLOADS]: The instructions involve downloading the Membrane CLI from the npm registry and potentially fetching configuration or action schemas from Membrane's servers.
- [INDIRECT_PROMPT_INJECTION]: The skill processes output from external CLI commands which could contain data from the Balena platform. This represents a potential surface for indirect instructions if the Balena environment contains attacker-controlled data.
- Ingestion points: Output from
membrane action list,membrane action run, andmembrane requestcommands. - Boundary markers: Not present.
- Capability inventory: The skill can execute shell commands, perform authenticated network requests via a proxy, and read local command output.
- Sanitization: No explicit sanitization or filtering of CLI output is defined in the instructions.
Audit Metadata