btcpay-server
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli npm package, which is an official tool developed by the platform vendor for service integration.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to perform authentication, search for capabilities, and execute actions against the BTCPay Server API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external invoices and payment requests. 1. Ingestion points: Actions that retrieve external data such as list-invoices, list-stores, and get-payment-request (SKILL.md). 2. Boundary markers: No specific delimiters are defined to separate external data from system instructions. 3. Capability inventory: The membrane CLI allows for network requests and server-side data manipulation (SKILL.md). 4. Sanitization: No sanitization or validation of the retrieved API data is mentioned in the instructions.
Audit Metadata