cloudcart
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package from the npm registry. This is the official command-line interface provided by the vendor for managing integrations.
- [COMMAND_EXECUTION]: Uses the `membrane` command-line tool to manage connections, search for actions, and execute e-commerce workflows. These commands are restricted to the functionality of the Membrane platform.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data from CloudCart (products, orders, customers).
  - Ingestion points: Data retrieved from CloudCart APIs through `membrane action run` commands.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: The skill allows execution of shell commands via the Membrane CLI.
  - Sanitization: No specific sanitization or filtering of retrieved data is described.
Audit Metadata