vmware
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli package from the npm registry. This is a vendor-provided tool used to interact with the Membrane platform.
- [COMMAND_EXECUTION]: Utilizes the membrane command-line utility for authentication, connecting to VMware, and executing automated workflows. These operations are part of the intended functionality for managing virtualization infrastructure.
- [PROMPT_INJECTION]: Identification of an indirect prompt injection vulnerability surface. Untrusted data can enter the system through natural language queries and action descriptions. Ingestion points: Untrusted data enters via the --intent, DESCRIPTION, and --input parameters in SKILL.md. Boundary markers: There are no specific boundary markers or instructions to the agent to disregard instructions within the data. Capability inventory: The agent has the capability to execute shell commands (membrane action run, membrane action create) using these inputs. Sanitization: No explicit sanitization or validation of the input data is performed before it is passed to the command-line interface.
Audit Metadata