shiftleft
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool (@membranehq/cli) from the npm registry. This is a legitimate requirement for the skill's functionality and originates from the vendor's own package scope.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform administrative and operational tasks, including authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These commands are standard for the tool's intended use.
- [DATA_EXFILTRATION]: The skill enables communication with the ShiftLeft API through the membrane request proxy. This allows the agent to retrieve security findings and interact with the service, which is the primary purpose of the integration.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it ingests untrusted data from external ShiftLeft scan results into the agent context via CLI command outputs. While the skill itself contains no malicious instructions, the absence of explicit boundary markers or sanitization for the ingested data, combined with the agent's ability to execute actions via membrane action run, constitutes a potential vulnerability surface. This is documented for awareness but is assessed as safe within the context of the skill's primary purpose.
- [SAFE]: The instructions explicitly direct the agent to avoid requesting or storing sensitive credentials like API keys, instead utilizing Membrane's built-in authentication lifecycle management. This reduces the risk of credential exposure.
Audit Metadata