mirantis
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official npm registry and uses npx to execute the latest version at runtime. This is the official command-line tool for the platform.
- [COMMAND_EXECUTION]: The instructions guide the agent to perform various operations, including authentication, connection management, and action execution, by running shell commands using the installed membrane CLI.
- [DATA_EXFILTRATION]: The skill provides a mechanism to send data to external Mirantis API endpoints via the membrane request proxy command as part of its primary integration purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests and processes data from external Mirantis API responses. * Ingestion points: Data retrieved via the membrane action run and membrane request commands. * Boundary markers: None specified in the instructions to separate untrusted content from agent instructions. * Capability inventory: Shell command execution via the membrane CLI and network requests via the proxy. * Sanitization: No explicit sanitization or validation of the external API responses is mentioned.
Audit Metadata