zitadel
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli global package via NPM. This is a known vendor resource for the Membrane platform and is necessary for the skill's operations.
- [COMMAND_EXECUTION]: Multiple shell commands are utilized to interact with the ZITADEL platform through the membrane utility. This includes logging in, searching for connectors, and executing API actions, which minimizes direct exposure of credentials by handling auth logic within the CLI.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes structured JSON data from external command outputs to determine subsequent logic.
  - Ingestion points: Output from membrane action list and membrane connection list commands (SKILL.md).
  - Boundary markers: No specific delimiters or instructions provided to the agent to disregard instructions potentially embedded in the tool's output.
  - Capability inventory: Execution of API actions via membrane action run and arbitrary network requests via membrane request.
  - Sanitization: No explicit sanitization or validation of the schema or descriptions returned by the CLI is described.
Audit Metadata