fatture-in-cloud

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official npm registry. This is a vendor-owned resource used for interacting with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to manage connections and execute actions. These are standard operations for the platform's functionality.
  • [DATA_EXFILTRATION]: The skill explicitly instructs the agent to let the platform handle credentials rather than asking the user for API keys or secrets, which is a positive security practice for preventing accidental credential exposure.
  • [PROMPT_INJECTION]: As the skill processes external data from a SaaS application (invoices, client records), there is an inherent risk of indirect prompt injection from malicious data content. This is a common attack surface for integrations, but no specific vulnerabilities were found in the skill's instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 10:51 PM