payment-rails

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This is an official tool provided by the vendor (membranedev) to interface with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill runs shell commands through the membrane CLI to manage connections, create actions from natural language descriptions (membrane action create), and execute payout operations (membrane action run).
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data from the Payment Rails platform.
    • Ingestion points: External data enters the agent context through the outputs of the membrane action list and membrane action run commands.
    • Boundary markers: There are no specified delimiters or 'ignore' instructions used to encapsulate the external data within the prompt.
    • Capability inventory: The agent has the capability to execute financial transactions (payouts) and generate new logic via the CLI.
    • Sanitization: The instructions do not define any sanitization, validation, or escaping of the external data before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 07:39 PM
Security Audit — agent-trust-hub — payment-rails