harmonic
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via npm (npm install -g @membranehq/cli@latest). This tool is provided by the vendor and is necessary for managing integrations and authentication.
- [COMMAND_EXECUTION]: The skill relies on executing membrane CLI commands for authentication (membrane login), connection management (membrane connect), and data operations (membrane action run).
- [PROMPT_INJECTION]: As the skill ingests and processes data from the Harmonic SaaS platform and uses it within the agent's context, it presents an indirect prompt injection surface.
  1. Ingestion points: Data returned from membrane action run commands.
  2. Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing external data.
  3. Capability inventory: The agent can execute shell commands via the Membrane CLI.
  4. Sanitization: No explicit sanitization or validation of the external content is performed before interpolation into the prompt.
Audit Metadata