softlayer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membranecommand-line interface to perform operations such as managing connections, searching for actions, and running API requests. - [EXTERNAL_DOWNLOADS]: The instructions require installing the
@membranehq/clipackage from npm, which is the official tool provided by the vendor (membranedev) for this integration. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external SoftLayer API endpoints, creating a theoretical surface for indirect prompt injection if external records contain malicious instructions.
- Ingestion points: Output from actions and API proxy requests (SKILL.md).
- Boundary markers: No explicit delimiters are used to wrap ingested data or instructions to ignore embedded content.
- Capability inventory: The agent can execute shell commands and network operations through the
membraneCLI (SKILL.md). - Sanitization: No explicit validation or filtering of the retrieved data is mentioned in the skill instructions.
Audit Metadata