conjur
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membraneCLI to perform operations such asmembrane login,membrane connect, andmembrane action run. These commands are used to manage the authentication lifecycle and execute functional calls to the Conjur API. - [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the
@membranehq/clipackage from the npm registry. This is a vendor-provided tool required for the skill to communicate with the Conjur environment through the Membrane platform. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes data from external Conjur endpoints (e.g., secrets, policy metadata). This is a standard risk for integration skills. The instructions do not define specific boundary markers or sanitization logic for the ingested data, which is processed using the CLI's output capabilities.
Audit Metadata