braze
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via npm. This is a vendor-owned tool from membranedev used to facilitate authentication and API communication.
- [COMMAND_EXECUTION]: The skill uses the `membrane` command-line interface to perform several operations, including user authentication (`membrane login`), connecting to Braze (`membrane connect`), and executing actions or proxy requests (`membrane action run`, `membrane request`). These are legitimate vendor functionalities.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it retrieves and processes data from Braze (such as user profiles, campaigns, and email templates) which could contain adversarial instructions intended to influence the agent's behavior.
  - Ingestion points: Data retrieved from the Braze API via actions like `export-user-by-id`, `get-email-template`, and `list-campaigns`.
  - Boundary markers: No specific delimiters or instructions are defined to isolate external data from the agent's instruction context.
  - Capability inventory: The skill can perform actions with side effects, such as `send-messages`, `update-subscription-status`, and `delete-users` using the `membrane` CLI.
  - Sanitization: No explicit sanitization or validation of the content retrieved from Braze is implemented before it is presented to the agent.
Audit Metadata