cloudquery
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow in which the agent processes external data retrieved from Cloudquery via the membrane CLI. This creates an attack surface for indirect prompt injection: if a queried asset or record contains text crafted to read as instructions, the agent may act on it instead of treating it as data.
  - Ingestion points: Data is ingested through the membrane action run and membrane request commands.
  - Boundary markers: The instructions specify no delimiters or safety markers to help the agent distinguish returned data from instructions.
  - Capability inventory: The agent can execute shell commands through the membrane CLI to manage connections, list actions, and run them.
  - Sanitization: There is no evidence that results returned from the Cloudquery API are validated or sanitized before the agent processes them.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally from the NPM registry. This is a legitimate vendor tool provided by the skill's author to enable its functionality.
- [COMMAND_EXECUTION]: The skill's core functionality relies on the agent executing shell commands through the membrane CLI. While these commands are directed at the vendor's platform, they run arbitrary actions and raw HTTP requests chosen by the agent, so instruction-like text in returned data could influence which action or request is issued.
Audit Metadata