paddle

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @membranehq/cli package from the official npm registry. This tool is provided by the skill's author (Membrane) to facilitate secure integration.
  • [COMMAND_EXECUTION]: Utilizes the membrane command-line interface to perform actions such as authentication (membrane login), connecting to services (membrane connect), and executing API operations (membrane action run, membrane request). These are standard operations for the intended integration.
  • [INDIRECT_PROMPT_INJECTION]: The skill enables the agent to fetch and process data from the Paddle API. This creates a surface where the agent might ingest untrusted content from external payment records or customer data.
      • Ingestion points: Data is retrieved via membrane action run and membrane request commands.
      • Boundary markers: None explicitly defined in the provided instructions.
      • Capability inventory: The agent can perform read/write operations on Paddle data and execute local shell commands via the Membrane CLI.
      • Sanitization: The skill advocates for using pre-built Membrane actions which provide structured data and built-in error handling.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 02:31 PM