microsoft-outlook
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. - Evidence:
npm install -g @membranehq/cliin SKILL.md. - Context: This is a vendor-owned CLI tool used to manage authentication and execute requests to the Microsoft Outlook API.
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations and manage service connections. - Evidence: Instructions for
membrane login,membrane connect, andmembrane action runare provided in SKILL.md. - Context: These commands are used to interact with the environment and the vendor's API gateway.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from an external service.
- Ingestion points: Reads email content, calendar events, and contact information from Microsoft Outlook (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified in the instructions for processing external content.
- Capability inventory: The agent can execute actions (
membrane action run) and raw API requests (membrane request), allowing for state-changing operations like sending emails or creating events. - Sanitization: No explicit filtering or sanitization of the retrieved data is mentioned in the skill documentation.
Audit Metadata