azure-api-management
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official Membrane CLI (
@membranehq/cli) from the public NPM registry. This tool is provided by the skill's author to facilitate interactions with their integration platform. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform administrative tasks, including authentication (membrane login), connection setup (membrane connect), and running API actions. These commands are standard for managing the integration lifecycle. - [REMOTE_CODE_EXECUTION]: The skill includes functionality to dynamically create integration actions via the
membrane action createcommand. This enables the vendor's platform to generate and execute logic based on natural language descriptions provided by the user. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection where natural language intents are passed to the CLI (e.g., via the
--intentparameter). The output of these commands is then processed by the agent to determine next steps.
Audit Metadata