cognito
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is an official utility provided by the vendor for managing integrations and authenticating with the Membrane platform. - [COMMAND_EXECUTION]: The instructions leverage the
membraneCLI to manage connections and execute actions against the Cognito API. These commands are the intended mechanism for the skill's functionality and do not involve arbitrary or suspicious shell execution. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing data retrieved from AWS Cognito.
- Ingestion points: Data is ingested through the output of
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: There are no specific delimiters or instructions provided to the agent to treat external data as untrusted content.
- Capability inventory: The agent can execute various CLI commands via the
membraneutility to read and write data (SKILL.md). - Sanitization: No explicit sanitization or validation logic is defined for handling the data returned from the external API.
Audit Metadata