invoiced

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE; PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally from npm. This tool is a vendor-owned resource provided by the author to interact with the Membrane platform.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external data from the Invoiced API.
      • Ingestion points: Data retrieved from Invoiced using 'membrane action run' (e.g., customer details, invoice descriptions).
      • Boundary markers: Absent; there are no instructions to the agent to use delimiters or ignore instructions within the retrieved data.
      • Capability inventory: The skill allows for the creation and execution of dynamic actions ('membrane action create', 'membrane action run').
      • Sanitization: No validation or sanitization of the retrieved content is specified in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 06:50 PM