infobip
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clitool from the npm registry. This is a vendor-owned resource used for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes
membraneCLI commands to manage authentication, search for connectors, and execute Infobip-specific actions. These commands are the intended method for utilizing the integration. - [PROMPT_INJECTION]: The skill ingests untrusted data from Infobip, such as message logs and reports, which creates an attack surface for indirect prompt injection. Malicious instructions embedded in received messages could potentially influence the agent's actions if processed without delimiters. Ingestion points: Infobip message content, logs, and delivery reports (retrieved via
membrane action run). Boundary markers: None present in the instructions. Capability inventory: Sending SMS, WhatsApp, and Email messages, and managing Two-Factor Authentication (TFA) via the CLI. Sanitization: No sanitization or validation of the retrieved message content is mentioned.
Audit Metadata