confluent

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [OBFUSCATION]: The SKILL.md file contains a significant sequence of null bytes (\u0000) following the primary header. While no specific malicious payload was decoded within this block, the presence of invisible filler content is a common technique for bypassing simple file-length or pattern-matching security scanners.
  • [DYNAMIC_EXECUTION]: The skill utilizes membrane action create, which generates executable integration logic based on natural language descriptions. This represents a dynamic execution surface where generated code behavior depends on external input.
  • [EXTERNAL_DOWNLOADS]: The instructions require the installation of the @membranehq/cli package from the global NPM registry. This is a vendor-owned tool required for the skill's functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from Confluent topics and records, which serves as an ingestion point for untrusted external data. This data is processed without explicit boundary markers or sanitization, potentially allowing malicious content within records to influence the agent's behavior through capabilities like membrane action run.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 30, 2026, 04:49 PM