jumpseller
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli tool via NPM to facilitate interaction with the Membrane orchestration platform.
- [COMMAND_EXECUTION]: Uses the `membrane` CLI to perform administrative and operational tasks such as logging in, creating connections, and executing actions against the Jumpseller API.
- [DATA_EXFILTRATION]: Accesses and modifies storefront data including products, orders, and customer information. This activity is restricted to the Jumpseller service via managed authentication and is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill ingests data from external Jumpseller API responses which represents a potential surface for indirect prompt injection.
- Ingestion points: Store data retrieved through actions such as `list-products` and `get-order` (SKILL.md).
- Boundary markers: Absent; data is processed as part of standard CLI output.
- Capability inventory: Supports write and delete operations on storefront resources (SKILL.md).
- Sanitization: Absent; relies on the underlying platform's handling of tool output.
Audit Metadata