oracle-cloud-hcm

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool using npm install -g @membranehq/cli. This is an official package provided by the vendor for interacting with their platform.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands through the membrane CLI to perform various tasks, including logging in, searching for connectors, managing connections, and executing API actions or proxy requests. These commands are part of the intended functionality for platform integration.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it processes data retrieved from Oracle Cloud HCM API endpoints. Malicious instructions embedded in the workforce data or record fields could potentially influence the agent's behavior during workflow automation.
      • Ingestion points: Output from membrane action run and membrane request commands.
      • Boundary markers: Not explicitly defined in the provided instructions.
      • Capability inventory: The skill can execute various CLI commands to read and write data to external systems.
      • Sanitization: No specific sanitization or validation logic is detailed in the markdown instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 09:05 AM