oracle-cloud-hcm
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and use of the Membrane CLI tool (@membranehq/cli) from the NPM registry to interact with the service.\n- [COMMAND_EXECUTION]: The skill executes local shell commands using the membrane CLI to manage connections and trigger actions.\n- [REMOTE_CODE_EXECUTION]: Commands such as membrane action run and membrane action create involve executing or generating integration logic on the Membrane platform.\n- [PROMPT_INJECTION]: The skill ingests workforce and HR data from Oracle Cloud HCM, representing a surface for indirect prompt injection.\n
- Ingestion points: Worker records, absence records, and talent profiles fetched via the Oracle Cloud HCM integration.\n
- Boundary markers: None specified; data is incorporated directly into the context.\n
- Capability inventory: Shell command execution via the membrane CLI for action management and network operations.\n
- Sanitization: No specific sanitization or escaping mechanisms are implemented for the external data.
Audit Metadata