eden-ai
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of the '@membranehq/cli' Node.js package. This is a vendor-provided tool required for authentication and executing integration actions.
- [PROMPT_INJECTION]: The skill has a standard indirect prompt injection surface because it processes external data.
- Ingestion points: Data returned from Eden AI actions, such as 'parse-resume', 'extract-text-from-image', and 'chat' (SKILL.md).
- Boundary markers: No specific boundary markers or 'ignore' instructions are provided to the agent for handling the ingested text.
- Capability inventory: The agent uses the 'membrane' CLI to run actions and perform network requests via the proxy command (SKILL.md).
- Sanitization: There is no evidence of sanitization or validation of the text extracted from external sources before it is processed by the agent.
Audit Metadata