fidel-api
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is the official tool provided by the vendor (Membrane) to facilitate secure API integrations and manage the authentication lifecycle server-side. - [COMMAND_EXECUTION]: Interaction with the Fidel API is performed using shell commands via the
membraneCLI. These commands allow the agent to authenticate, search for available actions, and execute API requests. The skill also supports dynamic creation of new actions on the Membrane platform using natural language descriptions. - [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection as the skill retrieves and processes data from the external Fidel API (such as transaction details or program metadata).
- Ingestion points: Data returned from the Fidel API via the
membrane action runcommand (e.g., card details, transaction lists). - Boundary markers: The skill does not explicitly define delimiters or instructions to ignore embedded content in the retrieved data.
- Capability inventory: The skill has the capability to execute shell commands and create new actions on the remote platform.
- Sanitization: No specific sanitization or validation logic is defined for the content ingested from the API.
Audit Metadata