clickhouse

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official @membranehq/cli tool from the npm registry.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to manage connections and execute database queries.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its processing of external database data.
      1. Ingestion points: Untrusted data enters the context through 'membrane action run' and 'membrane request' commands described in SKILL.md.
      2. Boundary markers: There are no specific delimiters or instructions used to prevent the agent from following directions embedded within the database content.
      3. Capability inventory: The skill can execute predefined actions and perform proxied network requests via the CLI.
      4. Sanitization: No mechanisms for escaping or validating database output are mentioned in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 05:58 PM