The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally using NPM. This is the official command-line tool provided by the vendor for managing integrations and authentication.
[COMMAND_EXECUTION]: The skill utilizes several shell commands via the membrane CLI to perform login, create connections, and execute actions. Commands like membrane action create and membrane action run interpolate natural language descriptions or JSON parameters into command arguments.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from Oracle Taleo (such as candidate records or job requisitions) which is attacker-controllable if an external party modifies those records.
Ingestion points: Data retrieved via membrane action list and the results of membrane action run are provided back to the agent context.
Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the fetched data.
Capability inventory: The agent has the capability to execute shell commands (via the Membrane CLI) and modify remote data through actions.
Sanitization: There is no evidence of sanitization or validation performed on the data returned from the external API before the agent processes it.

oracle-taleo