ironclad

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the public NPM registry. This is a vendor-owned resource used to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The instructions utilize the membrane CLI to perform authentication, create connections, search for actions, and execute them against the Ironclad API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes potentially untrusted data from the Ironclad platform.
      • Ingestion points: Data enters the agent's context through the output of commands like `membrane action run` and `membrane action list`.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external contract data as untrusted or to ignore instructions embedded within it.
      • Capability inventory: The skill provides full shell access via the membrane CLI across multiple scripts and instructions, allowing the agent to perform connection management and action execution.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from Ironclad before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 08:50 PM

Security Audit — agent-trust-hub — ironclad