cashbuddy
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from npm. This is a global installation of the vendor's official command-line tool used to manage integrations and authentication.
- [COMMAND_EXECUTION]: Shell commands are used to interact with the Membrane CLI (membrane login, membrane connect, membrane action run). These commands are standard for the tool's operation and handle authentication and API interactions server-side.
- [DATA_EXFILTRATION]: No unauthorized exfiltration was identified. The skill facilitates data movement between the agent, the Membrane platform, and the Cashbuddy service as part of its primary financial management purpose.
- [PROMPT_INJECTION]: The skill processes natural language strings for action discovery and creation (--intent, action create "DESCRIPTION"). This presents an indirect prompt injection surface if malicious instructions are embedded in the input strings, which is a common characteristic of integration platforms that process user intent.
Audit Metadata