cdr-platform
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `membrane` CLI to manage connections and run actions on the user's system.
- [EXTERNAL_DOWNLOADS]: Recommends installing the `@membranehq/cli` package from the NPM registry; this is a verified vendor-provided tool.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present where user-controlled data can be interpolated into CLI commands.
  - Ingestion points: Parameters for `membrane action run --input` and paths for `membrane request`.
  - Boundary markers: No delimiters or warnings to ignore embedded instructions are present in the command templates.
  - Capability inventory: Shell command execution and network proxying via the Membrane CLI.
  - Sanitization: No input validation or escaping logic is implemented in the skill instructions.
- [SAFE]: The skill correctly uses Membrane's connection management for authentication, avoiding the unsafe practice of requesting manual API keys.
- [SAFE]: The documentation link to the FFIEC banking repository is noted as a likely documentation error, as the skill's actions relate to carbon dioxide removal.
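The PROMPT_INJECTION finding above comes down to how the two ingestion points are turned into a command line. The following is an added illustration, not code from the cdr-platform skill or from Membrane: it contrasts a string template (the pattern the audit flags) with an argv list plus allow-list validation. The page does not document what `--input` accepts or how `membrane request` interprets its path, so the JSON-for-`--input` and URL-path-for-`request` shapes, the regexes, and the `sync` action key are assumptions made for the example.

```python
import json
import re
import shlex

# Assumed shapes (not documented on the audit page): an action is identified by
# a short key, --input carries a JSON document, and `membrane request` takes a
# relative URL path that the CLI proxies through the authenticated connection.
ACTION_KEY_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
REQUEST_PATH_RE = re.compile(r"^/[A-Za-z0-9_./~%-]*(\?[A-Za-z0-9_.=&%-]*)?$")


def naive_command(action: str, user_input: str) -> str:
    """The interpolation pattern the audit flags: user data spliced into a
    shell string. Anything the data contains is re-tokenized by the shell."""
    return f"membrane action run {action} --input {user_input}"


def shell_token_count(command: str) -> int:
    """Number of argv entries a POSIX shell would produce from the string."""
    return len(shlex.split(command))


def safe_action_argv(action: str, user_input: str) -> list[str]:
    """argv for subprocess.run(argv, shell=False): the user value stays one
    argument regardless of content; the action key is allow-listed; --input
    must parse as JSON (assumption about the CLI, see above)."""
    if not ACTION_KEY_RE.fullmatch(action):
        raise ValueError(f"rejected action key: {action!r}")
    try:
        json.loads(user_input)
    except json.JSONDecodeError as exc:
        raise ValueError(f"--input is not a JSON document: {exc}") from None
    return ["membrane", "action", "run", action, "--input", user_input]


def safe_request_argv(path: str) -> list[str]:
    """argv for `membrane request <path>` with the path constrained to a
    relative URL path: no scheme or host (so the proxy cannot be pointed at
    an arbitrary origin), no '..' segments, no whitespace or control bytes."""
    if not REQUEST_PATH_RE.fullmatch(path) or path.startswith("//"):
        raise ValueError(f"rejected request path: {path!r}")
    if any(seg == ".." for seg in path.split("?")[0].split("/")):
        raise ValueError(f"rejected request path: {path!r}")
    return ["membrane", "request", path]


def is_rejected(builder, *args) -> bool:
    """True if the builder refuses the arguments with ValueError."""
    try:
        builder(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed input: a JSON document followed by shell metacharacters.
    payload = '{"q":"a"} && echo injected'
    print("naive tokens:", shlex.split(naive_command("sync", payload)))
    print("argv rejects payload:", is_rejected(safe_action_argv, "sync", payload))
    print("argv:", safe_action_argv("sync", '{"q":"a"}'))
    print("request:", safe_request_argv("/v1/projects?limit=10"))
```

The argv form is what a `subprocess.run(argv, shell=False)` or Node `child_process.execFile` call receives; it removes the shell from the path entirely, so escaping is unnecessary. The allow-list checks are the part that depends on the assumed argument semantics and would need to be adjusted to whatever the Membrane CLI actually accepts.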
Audit Metadata