structurizr
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@membranehq/clipackage from the official NPM registry, which is the vendor's official tool for the integration. - [COMMAND_EXECUTION]: The skill utilizes several shell commands via the
membraneCLI to manage authentication (membrane login), service connections (membrane connect), and action execution (membrane action run). - [PROMPT_INJECTION]: The skill possesses an interface that could be susceptible to indirect prompt injection through external data processed from Structurizr.
- Ingestion points: External data is introduced via the outputs of
membrane action listandmembrane action run(SKILL.md). - Boundary markers: None identified in the provided instructions.
- Capability inventory: The skill allows the agent to execute actions and create new ones dynamically via
membrane action create. - Sanitization: No specific content sanitization or validation logic is defined for the data returned from external actions.
Audit Metadata