microsoft-sharepoint
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the global installation of an external Node.js package (`@membranehq/cli`) using npm. This package is hosted on the public npm registry and is required for all SharePoint operations.
- [COMMAND_EXECUTION]: The instructions extensively use shell commands via the `membrane` CLI to manage authentication, list connections, and execute actions. This includes administrative tasks like `membrane login` and `membrane connect`.
- [DYNAMIC_EXECUTION]: The skill leverages the `membrane action create` command, which generates new executable code on the Membrane platform based on natural language descriptions. This code is subsequently executed using `membrane action run`. This represents a dynamic code generation and execution pattern.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from Microsoft SharePoint.
  - Ingestion points: Untrusted data enters the agent context through actions such as `get-file-content`, `list-list-items`, and `get-list-item` (SKILL.md).
  - Boundary markers: The instructions do not define clear delimiters or warnings to ignore embedded instructions within the processed SharePoint content.
  - Capability inventory: The skill has capabilities to execute platform actions, create folders, and delete items via the `membrane` CLI (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation of the content retrieved from SharePoint before it is processed by the agent.
Audit Metadata