google-vertex-ai
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the @membranehq/cli package from the official NPM registry. This tool is the vendor's primary interface for managing integrations.
- [COMMAND_EXECUTION]: Provides documentation for various CLI commands used to manage Vertex AI resources, including project search, connection creation, and action execution. These commands are executed by the user through the Membrane CLI.
- [DATA_EXFILTRATION]: The skill emphasizes a secure approach to authentication by leveraging Membrane's server-side credential management system. This eliminates the need for users to manually handle or store sensitive API keys in their local environment.
- [PROMPT_INJECTION]: The skill ingests data from Google Vertex AI (such as model descriptions or tuning job outputs) into the agent's context. This represents an indirect prompt injection surface where untrusted data from the external API could potentially contain instructions aimed at influencing agent behavior. This is a common characteristic of integration skills and no specific exploitation vectors were observed.
Audit Metadata