dronedeploy
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally using npm. This package is the official command-line tool for the Membrane platform, used to manage integrations and authentication.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via the 'membrane' CLI to perform operations such as searching for connectors, establishing connections, and running DroneDeploy actions. This includes passing JSON-formatted input parameters to the tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from DroneDeploy, including map reports, annotations, and elevation profiles, which enter the agent's context through CLI outputs. While the skill instructs the agent to use the CLI to interact with this data, it does not define specific boundary markers or sanitization logic for content retrieved from the external API. The agent's capability to execute further shell commands via the 'membrane' tool creates a surface for potential indirect influence if external data contains malicious instructions.
Audit Metadata