google-cloud-dataflow
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from NPM. This is an official utility provided by the vendor membranedev and is used to facilitate the integration.
- [COMMAND_EXECUTION]: Multiple membrane CLI commands are used to manage service connections and run data processing actions.
- [PROMPT_INJECTION]: The skill retrieves and processes external data from Google Cloud Dataflow, which acts as a surface for indirect prompt injection.
- Ingestion points: Data retrieved via membrane action run and membrane request commands.
- Boundary markers: No boundary markers or 'ignore' instructions are used to delimit external data from the system prompt.
- Capability inventory: Shell command execution via the membrane CLI.
- Sanitization: No evidence of data sanitization or input validation was found for the processed pipeline data.
Audit Metadata