cloudmersive
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage. This is the official command-line tool provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The instructions include various
membraneCLI commands for logging in, connecting to services, and running actions. These are legitimate administrative and operational commands for the service. - [SAFE]: The skill encourages the use of managed connections and explicitly advises against asking users for API keys or secrets, which aligns with credential safety best practices.
- [PROMPT_INJECTION]: The skill processes untrusted data from external Cloudmersive APIs (e.g., OCR text extraction, entity recognition) which represents an indirect prompt injection surface.
- Ingestion points: Data returned from Cloudmersive actions such as
extract-text-from-imageoranalyze-sentimentinSKILL.md. - Boundary markers: None identified in the instructional text.
- Capability inventory: The skill facilitates command execution through the
membrane action runcommand as described inSKILL.md. - Sanitization: No explicit sanitization or filtering of API outputs is mentioned in the provided instructions.
Audit Metadata