procountor
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry to manage the integration with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to perform authentication, discover available actions, and execute data operations against the Procountor API. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and processing data from the external Procountor financial system.
- Ingestion points: Untrusted data enters the agent context through the output of
membrane action runcommands as described inSKILL.md. - Boundary markers: There are no specific delimiters or instructions provided to the agent to isolate or ignore embedded instructions within the retrieved financial data.
- Capability inventory: The skill utilizes subprocess calls to the
membraneCLI inSKILL.mdfor both data retrieval and action execution. - Sanitization: No sanitization or validation of external content is specified before the data is processed by the agent.
Audit Metadata