webiny
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves data from Webiny CMS (e.g., content entries, form submissions), which serves as an ingestion point for untrusted external content. This creates a surface for indirect prompt injection where data could potentially influence agent actions.
- Ingestion points: Output from
membrane action runandmembrane requestcommands in SKILL.md. - Boundary markers: The instructions do not define specific delimiters to separate external data from agent instructions.
- Capability inventory: The agent has access to the
membraneCLI for executing actions and making network requests. - Sanitization: No explicit content validation or escaping of the fetched data is described.
- [EXTERNAL_DOWNLOADS]: The integration instructions include the installation of the
@membranehq/clipackage via npm. This is an expected utility from the vendor for managing connections and actions.
Audit Metadata