mslm-cloud

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the @membranehq/cli package for installation via NPM. This is a vendor-owned tool from the same author as the skill.
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the Membrane CLI for managing cloud resources.
  • [PROMPT_INJECTION]: This skill possesses an indirect prompt injection surface as it retrieves data from Mslm Cloud.
      1. Ingestion points: External data enters via 'membrane action run' and 'membrane request'.
      2. Boundary markers: No specific delimiters or safety instructions are defined in the SKILL.md.
      3. Capability inventory: Subprocess calls to the 'membrane' CLI.
      4. Sanitization: No sanitization or validation of the retrieved cloud data is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 02:02 PM