freedompay

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (@membranehq/cli) from the NPM registry. This is a standard installation procedure for the platform's tooling.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to manage authentication (membrane login), create connections (membrane connect), and execute actions (membrane action run). These commands are part of the intended functionality for the integration.
  • [REMOTE_CODE_EXECUTION]: The instructions include using npx @membranehq/cli@latest to discover actions. This pattern executes the latest version of the vendor's CLI tool directly from the registry.
  • [DATA_EXFILTRATION]: No unauthorized network operations or sensitive data access patterns were found. The skill explicitly uses managed connections to handle authentication, preventing the exposure of API keys or secrets in the skill instructions or agent context.
  • [INDIRECT_PROMPT_INJECTION]: The skill interacts with external data from the FreedomPay API which presents a potential injection surface.
  • Ingestion points: Data returned from FreedomPay transactions and reports via membrane action run.
  • Boundary markers: None identified in the instructions.
  • Capability inventory: Execution of CLI commands and package installation via npm.
  • Sanitization: No specific sanitization or validation of external API responses is described in the integration logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 11:08 PM
Security Audit — agent-trust-hub — freedompay