wso2
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documentation describes how to use the `membrane` CLI to execute actions and proxy requests, which creates a surface for indirect prompt injection if user-provided data is not properly sanitized before being passed to shell commands.
  - Ingestion points: User-supplied parameters for WSO2 actions and custom API endpoints provided in the `membrane request` command.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or provide guidance on ignoring embedded instructions within the processed data.
  - Capability inventory: The skill utilizes shell command execution via the `membrane` CLI, including `action run` and `request` capabilities in `SKILL.md`.
  - Sanitization: Absent; there are no instructions for validating, escaping, or filtering user-provided content before interpolation into the command strings.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package from the NPM registry. This is a vendor-specific tool required for the skill's operation.
Audit Metadata