upcloud
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is the official command-line interface provided by the skill author (membranedev) to interact with their platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage UpCloud resources, including server lifecycle management, firewall rules, and network configuration. These commands are standard operations for the intended purpose of the skill. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes data from the UpCloud API. * Ingestion points: Data retrieved from UpCloud via
membrane action runandmembrane requestcommands. * Boundary markers: No specific boundary markers or instructions to ignore embedded commands are defined. * Capability inventory: The skill has the capability to modify cloud infrastructure, such as creating, deleting, or modifying servers and networking components. * Sanitization: The instructions do not describe explicit sanitization or validation of data retrieved from the external API.
Audit Metadata