amazon-elasticsearch
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is a vendor-owned package required for the skill to function as intended. - [COMMAND_EXECUTION]: The skill makes extensive use of the
membraneCLI to perform operations such as logging in, connecting to services, listing actions, and running those actions. These commands interact with both the local environment and the Membrane cloud platform. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes data from Amazon Elasticsearch instances.
- Ingestion points: Data ingested from Elasticsearch via
membrane action runor metadata frommembrane action listis processed by the agent. - Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore potentially malicious instructions embedded in the data retrieved from the database.
- Capability inventory: The agent has the ability to execute further actions via
membrane action runand create new actions viamembrane action createbased on its interpretation of the data. - Sanitization: There is no explicit sanitization or validation logic described to filter or escape content retrieved from the external data source.
Audit Metadata