dropbox
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform actions and requests against the Dropbox API. This involves running shell commands for authentication, file management, and data retrieval.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: External data retrieved from Dropbox via membrane action run and membrane request commands in SKILL.md.
- Boundary markers: No delimiters or ignore instructions are used to separate ingested data from agent instructions.
- Capability inventory: The agent can execute shell commands through the membrane CLI to interact with the file system and external APIs.
- Sanitization: The skill does not implement sanitization or validation of the data fetched from Dropbox.
Audit Metadata