banked
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI tool (
@membranehq/cli) via npm. This is a vendor-provided tool necessary for the skill's primary function. - [COMMAND_EXECUTION]: The skill relies on executing shell commands through the
membraneCLI to manage connections, discover actions, and execute workflows. These commands are scoped to the authenticated user's Membrane account. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes external data from Banked and natural language intents to search for or create new actions.
- Ingestion points: Untrusted data enters the context via the output of
membrane action listandmembrane action run(SKILL.md). - Boundary markers: None identified in the prompt instructions to delimit tool outputs.
- Capability inventory: The skill can execute actions (
membrane action run) which may include financial transactions and create new executable logic (membrane action create). - Sanitization: No specific sanitization or validation of the remote action schemas or outputs is performed within the skill instructions.
Audit Metadata