microsoft-graph-api
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
@membranehq/clipackage via NPM. This is an official utility provided by the skill author for managing integrations. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to perform authentication, discover available actions, and execute API calls to the Microsoft Graph. These operations are restricted to the functionality provided by the vendor's CLI. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from an external source (Microsoft Graph API).
- Ingestion points: External data enters the agent's context through the output of
membrane action listandmembrane action runcommands. - Boundary markers: Not present in the skill instructions.
- Capability inventory: The agent can perform file system and network operations via the
membraneCLI. - Sanitization: No explicit sanitization or filtering logic is defined for the external API responses within the skill's guidelines.
Audit Metadata