looker
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool (
@membranehq/cli) globally via npm. This is a legitimate tool provided by the vendor (membranedev) to interact with their platform services. - [COMMAND_EXECUTION]: The skill relies on shell command execution via the
membraneCLI to perform tasks such as platform login, connection management, and action execution. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing content from external sources.
- Ingestion points: Data from the Looker platform and Membrane actions is brought into the context through the
membrane action listandmembrane action runcommands. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between system instructions and external data ingested from these commands.
- Capability inventory: The agent has capabilities to install software via npm and execute platform-specific commands using the
membraneCLI tool. - Sanitization: The instructions do not describe any sanitization, filtering, or validation steps for the content returned by the external API calls.
Audit Metadata