northflank
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via npm. This is a documented vendor resource associated with the Membrane platform.
- [COMMAND_EXECUTION]: All interaction with the Northflank API is mediated through the `membrane` CLI tool. This includes authentication, action discovery, and running operations. The skill explicitly advises against manual credential handling, favoring the platform's internal security model.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface where natural language strings are passed to `membrane action list --intent` and `membrane action create`. While these fields ingest untrusted input that could influence which actions are found or generated, the risk is mitigated by the platform's state management and the agent's expected review of action schemas before execution.
  - Ingestion points: natural language queries in `membrane action list` and descriptions in `membrane action create` (SKILL.md).
  - Boundary markers: None explicitly defined in command templates.
  - Capability inventory: Execution of Northflank management operations via shell commands (SKILL.md).
  - Sanitization: Not explicitly documented; relies on the Membrane platform's internal validation during action generation.
Audit Metadata