leapfin
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally from the npm registry. This is a vendor-owned tool used to facilitate the integration and manage authentication.
- [COMMAND_EXECUTION]: The instructions rely on the 'membrane' command-line interface to perform operations such as logging in, connecting to services, and running actions. These commands are used as intended for the primary purpose of the skill.
- [PROMPT_INJECTION]:
- Ingestion points: External data from Leapfin is ingested into the agent context through the output of 'membrane action run' and 'membrane action list' commands as described in SKILL.md.
- Boundary markers: The instructions do not define specific delimiters or boundary markers to isolate external data from the agent's system instructions.
- Capability inventory: The skill possesses the capability to execute shell commands via the Membrane CLI and initiate network connections to the vendor's platform.
- Sanitization: There is no explicit evidence of sanitization or validation of the external data before it is processed by the agent. This represents a standard indirect prompt injection surface for data integration skills.
Audit Metadata