faradaysec
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/cliutility from the NPM registry, which is a verified command-line interface provided by the platform vendor. - [COMMAND_EXECUTION]: Executes shell commands using the
membranebinary to manage authentication, list available Faraday actions, and run specific integrations. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves and processes data from external Faraday workspaces. \n
- Ingestion points: Data returned from the
membrane action list,membrane action get, andmembrane action runcommands. \n - Boundary markers: The instructions do not provide explicit delimiters or warnings to ignore instructions within the retrieved Faraday data. \n
- Capability inventory: The agent has the capability to execute commands via the Membrane CLI and perform platform-defined actions. \n
- Sanitization: No explicit validation or filtering of the content retrieved from the external platform is performed prior to processing.
Audit Metadata