hiveage

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to interact with the Hiveage API. This is the intended and documented way to use the platform's skills.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm, which is the official tool provided by the vendor.
  • [DATA_EXPOSURE]: While the skill accesses sensitive financial data (invoices, payments, contacts), it does so through authenticated connections managed by the Membrane platform, avoiding local credential storage.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection as it retrieves data from Hiveage (e.g., invoice descriptions, contact names) that could be controlled by an external party. However, this is inherent to the integration's purpose and the risk is considered low.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 10:09 PM
Security Audit — agent-trust-hub — hiveage