docomo-digital
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Membrane CLI (
@membranehq/cli) from the NPM registry. This is a vendor-owned package used to facilitate the integration.\n- [COMMAND_EXECUTION]: Executes shell commands via themembraneCLI to perform authentication, manage connections, and trigger commerce actions.\n- [REMOTE_CODE_EXECUTION]: Supports dynamic action creation viamembrane action create, which generates and executes integration logic on the Membrane platform based on user-provided descriptions.\n- [PROMPT_INJECTION]: The skill processes commerce data from DOCOMO Digital which could theoretically contain malicious instructions. \n - Ingestion points: Data enters the context through
membrane action runandmembrane action listoutputs in SKILL.md. \n - Boundary markers: None present. \n
- Capability inventory: Ability to execute shell commands and create new platform actions via the
membraneCLI as documented in SKILL.md. \n - Sanitization: No explicit validation or sanitization of the remote data is described.
Audit Metadata