barcode-lookup

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli NPM package. This is a vendor-owned resource necessary for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via the membrane CLI in SKILL.md to manage authentication, list connections, and run actions.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting data from the external Barcode Lookup API.
      • Ingestion points: Output from the membrane action run and membrane action list commands in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided.
      • Capability inventory: Execution of the membrane CLI tool for action management and data retrieval in SKILL.md.
      • Sanitization: The skill does not perform explicit validation or sanitization of the JSON output received from the CLI before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 08:59 AM
Security Audit — agent-trust-hub — barcode-lookup