Skills
skills/membranedev/application-skills/gopay/Gen Agent Trust Hub

gopay

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user/agent to install and execute the @membranehq/cli package. This is a legitimate tool provided by the skill's author (membranedev) for interacting with their platform.
  • [CREDENTIALS_UNSAFE]: The skill correctly avoids requesting or hardcoding API keys. It uses membrane login and membrane connect to manage OAuth flows and server-side credential storage, which is a recommended security practice.
  • [PROMPT_INJECTION]: There is a minor indirect prompt injection surface where the skill passes natural language strings to the CLI via the --intent and create arguments. While this data is processed by the Membrane platform to find or build actions, the risk is localized to the platform's interpretation of those strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 10:19 AM
Security Audit — agent-trust-hub — gopay