budgetsai
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the official npm registry. This is a standard procedure for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The skill instructions involve executing various shell commands using the
membraneCLI (e.g.,membrane login,membrane connect,membrane action run). These commands are necessary for the skill's primary function of managing financial data and processes. - [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection as it ingests data from external Budgets.ai records which could contain adversarial instructions.
- Ingestion points: Data returned from
membrane action runandmembrane action listcommands which fetch records from the Budgets.ai API (SKILL.md). - Boundary markers: Absent; the instructions do not implement specific delimiters or warnings to ignore instructions within the retrieved financial data.
- Capability inventory: The skill uses a powerful CLI tool capable of platform authentication, action creation, and execution of remote functions (SKILL.md).
- Sanitization: Absent; there is no explicit validation or sanitization mentioned for the data returned from the third-party API.
Audit Metadata