aci-payon
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package from the NPM registry. This is the official tool provided by the vendor for managing integrations and is a standard dependency for the skill's functionality.
- [COMMAND_EXECUTION]: Uses shell commands through the `membrane` CLI to perform actions such as logging in, connecting to services, and running payment-related queries. These operations are scoped to the intended functionality of the payment gateway integration.
- [CREDENTIALS_UNSAFE]: The skill explicitly follows best practices by instructing the agent to never ask the user for API keys or tokens, instead relying on Membrane's server-side connection management to handle the authentication lifecycle securely.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes data from external transactions and payment records.
  - Ingestion points: Data enters the context via the output of `membrane action run` in the SKILL.md workflow.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are used when processing external transaction data.
  - Capability inventory: The agent has the capability to execute shell commands via the `membrane` CLI and manage connections.
  - Sanitization: There is no evidence of sanitization or schema validation performed on the raw output from external actions before it is consumed by the agent.
Audit Metadata