icepay
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from the official npm registry. This is a recognized vendor tool provided by the skill author for platform interaction. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI for operations including authentication and action management. These commands are part of the intended integration workflow. - [CREDENTIALS_UNSAFE]: Encourages secure credential handling by using Membrane's server-side connection management rather than storing or requesting sensitive API keys directly.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection where user-supplied natural language queries are processed by the CLI.
- Ingestion points:
SKILL.md(parameters for the--intentandDESCRIPTIONCLI arguments). - Boundary markers: No explicit delimiter markers are used in the command instructions.
- Capability inventory:
SKILL.mdallows the agent to run and create actions using themembraneCLI. - Sanitization: Input validation and sanitization are performed by the Membrane platform backend.
Audit Metadata