jfrog
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the Membrane CLI tool (@membranehq/cli) globally from the npm registry. This package is provided by the author to enable the skill's integration capabilities.
- [COMMAND_EXECUTION]: Executes shell commands via the `membrane` CLI to authenticate, manage JFrog connections, and run automation actions.
- [PROMPT_INJECTION]: The skill processes data retrieved from external JFrog instances, presenting a surface for indirect prompt injection.
- Ingestion points: Retrieves artifact properties, build metadata, and release bundle information from JFrog via the `membrane action run` command.
- Boundary markers: Instructions do not specify delimiters or isolation markers for data retrieved from external sources.
- Capability inventory: The agent can execute shell commands using the `membrane` binary and install Node.js packages via `npm`.
- Sanitization: No explicit validation or filtering of content fetched from JFrog is described before it is processed by the agent.
- Mitigation: Wrap data retrieved from JFrog in distinct delimiters and instruct the agent to ignore any embedded instructions. Implement schema validation for any content returned by external actions.
Audit Metadata