jst-erp

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI tool for operations such as logging in, connecting to services, and running actions. These shell commands are the primary method of interaction with the JST ERP system.
  • [EXTERNAL_DOWNLOADS]: The instructions include the installation of the @membranehq/cli package from the npm registry. This is a vendor-owned resource necessary for the skill's functionality.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data from an ERP system:
      • Ingestion points: External data enters the agent context via the output of membrane action run commands (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions to treat the ingested data as untrusted or to ignore embedded commands.
      • Capability inventory: The skill has the capability to execute shell commands and manage remote actions via the Membrane CLI tool.
      • Sanitization: No validation or sanitization of the ERP data is performed before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 10:10 PM