onedrive
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the Membrane CLI tool (`@membranehq/cli`) globally from the official npm registry. This is a vendor-owned resource for managing the skill's environment.
- [COMMAND_EXECUTION]: The skill relies on shell commands through the `membrane` CLI to perform operations such as authentication (`membrane login`), connection management (`membrane connect`), and action execution (`membrane action run`).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted data from an external file storage service.
  - Ingestion points: Data is brought into the agent context via actions like `list-folder-contents`, `get-item-by-path`, and `search-files`, which return file names, paths, and metadata.
  - Boundary markers: The instructions lack explicit directives for the agent to use XML-style tags or other delimiters to isolate untrusted external content from the system prompt.
  - Capability inventory: The skill possesses capabilities to modify the user's environment, including deleting items (`delete-item`), uploading files (`upload-small-file`), and renaming items (`rename-item`).
  - Sanitization: There is no evidence of data sanitization or validation logic to filter out potentially malicious instructions embedded in OneDrive file data.
Audit Metadata