mockaroo
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Membrane CLI from the public NPM registry. This package is maintained by the skill's author and is required for the integration.
- [COMMAND_EXECUTION]: Uses the
membranecommand-line tool to manage connections, list actions, and execute integration logic. This includes the dynamic creation of new actions based on user descriptions. - [DATA_EXFILTRATION]: Facilitates data exchange with the Mockaroo service. The skill instructions prioritize security by offloading authentication and credential storage to the Membrane platform.
- [PROMPT_INJECTION]: Ingests external data from the Mockaroo API, creating a surface for potential indirect prompt injection. Ingestion points: Output from the
membrane action runcommand. Boundary markers: Delimiters or ignore-instructions for the agent are not specified in the skill content. Capability inventory: Subprocess execution and network access via the vendor's CLI. Sanitization: No explicit sanitization or validation of the retrieved external content is mentioned.
Audit Metadata