directus

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @membranehq/cli package globally via npm. This is a known tool provided by the skill's author (membranedev) to facilitate platform integrations.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via the membrane CLI to manage connections, discover actions, and execute requests against the Directus API. These commands are necessary for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill retrieves and processes external data from Directus, which creates a surface for indirect prompt injection where malicious content in the database could attempt to influence agent behavior.
      • Ingestion points: Data is retrieved from Directus through membrane action run (e.g., list-items) and membrane request commands.
      • Boundary markers: The instructions do not specify any markers or delimiters to isolate untrusted data from the system prompt.
      • Capability inventory: The skill allows write operations (create/update items) and arbitrary API requests via the proxy command.
      • Sanitization: No explicit validation or escaping of the retrieved content is implemented before it enters the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 04:28 PM