footprint
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage globally via npm to provide the necessary command-line tools for the integration. - [COMMAND_EXECUTION]: Utilizes shell commands through the
membraneCLI to authenticate users, manage service connections, and execute platform actions. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves and processes external data from Footprint (such as comments, reports, and sustainability records) which is then provided to the agent.
- Ingestion points: Data is brought into the agent context via
membrane action runandmembrane requestoutputs. - Boundary markers: The instructions do not define specific delimiters to separate untrusted platform data from system instructions.
- Capability inventory: The agent has the capability to execute shell commands and perform network operations via the Membrane proxy.
- Sanitization: There is no evidence of sanitization or structural validation for data retrieved from the external API before it is processed by the agent.
Audit Metadata