data247
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via `npm install -g @membranehq/cli@latest`. This package is the official command-line tool for the Membrane platform.
- [REMOTE_CODE_EXECUTION]: The skill uses the `membrane action create` command to dynamically generate new executable logic from natural language descriptions. This generated code is subsequently executed via the `membrane action run` command.
- [COMMAND_EXECUTION]: The agent executes various shell commands using the `membrane` CLI to manage authentication, establish connections to Data247, and perform data operations.
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by taking natural language "intents" and "descriptions" and passing them into CLI tools that discover or create executable code.
  - Ingestion points: User-provided query strings in `membrane action list --intent` and natural language descriptions in `membrane action create`.
  - Boundary markers: None identified to separate the untrusted data from the command structure.
  - Capability inventory: The CLI can manage authentication, create new code-based actions, and execute these actions with access to the Data247 API.
  - Sanitization: No sanitization or validation of the input strings is performed before they are processed by the CLI tool.
Audit Metadata