bigcommerce

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli tool from the public npm registry. This is the vendor's official command-line utility for managing integrations.
  • [COMMAND_EXECUTION]: Employs the membrane CLI to perform e-commerce operations. All commands are documented for legitimate store management tasks.
  • [CREDENTIALS_UNSAFE]: The skill encourages secure credential handling by using the platform's login and connection mechanisms, preventing the need for local API key storage.
  • [PROMPT_INJECTION]: The skill retrieves and processes data from external BigCommerce API endpoints. This constitutes an indirect prompt injection surface.
      • Ingestion points: Data returned from BigCommerce actions (e.g., products, orders).
      • Boundary markers: Not specified.
      • Capability inventory: Action execution and creation via the membrane CLI.
      • Sanitization: Not specified in the documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:09 PM