snowflake

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the installation of the @membranehq/cli package from the NPM registry to facilitate Snowflake operations. This is a vendor-owned resource.
  • [COMMAND_EXECUTION]: The skill relies on shell commands executed via the membrane CLI to manage connections, handle authentication, and run database actions.
  • [DYNAMIC_EXECUTION]: The membrane action create command dynamically generates integration logic on the vendor platform based on natural language descriptions provided to the agent.
  • [INDIRECT_PROMPT_INJECTION]: Results retrieved from Snowflake queries constitute a surface for indirect prompt injection where adversarial data in the database could influence agent behavior.
    • Ingestion points: Data returned from the Snowflake database via the membrane action run command (SKILL.md).
    • Boundary markers: No explicit delimiters or instructions to ignore nested commands are provided in the command templates.
    • Capability inventory: The agent has access to shell command execution via the membrane CLI (SKILL.md).
    • Sanitization: No sanitization or validation of retrieved database content is defined in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 05:14 AM