Skills
skills/membranedev/application-skills/bambora/Gen Agent Trust Hub

bambora

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry to enable interaction with the Membrane platform.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform administrative and operational tasks, such as logging in, creating connections, and executing actions on the Bambora service.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface (Category 8):
  • Ingestion points: Data provided by the user is passed as arguments to CLI commands, specifically for action searches (--intent) and action creation.
  • Boundary markers: The instructions do not specify the use of delimiters or clear boundaries to isolate user-supplied strings within the shell commands.
  • Capability inventory: Through the membrane action run command, the skill has the ability to interact with external payment processing APIs and modify data.
  • Sanitization: There is no evidence of input validation or sanitization for the parameters used in the CLI invocations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 06:54 PM