api2cart

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli tool from the npm registry to facilitate platform integration.
  • [COMMAND_EXECUTION]: Utilizes the 'membrane' CLI to manage authentication flows, discover available actions, and execute requests against the API2Cart service.
  • [SAFE]: Authentication is handled through a secure login process (membrane login) that manages tokens server-side, preventing the exposure of API keys or credentials within the skill's instructions.
  • [SAFE]: Evaluated the data ingestion surface for indirect prompt injection risks: (1) Ingestion points: External e-commerce data (products, orders) is retrieved via 'membrane action run' as described in SKILL.md. (2) Boundary markers: Operations are conducted through the Membrane CLI, which provides an abstraction layer between external data and the agent. (3) Capability inventory: Interaction is limited to vendor-defined CLI commands. (4) Sanitization: The Membrane platform enforces schema validation and managed execution of actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:34 AM