pushpay
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the
@membranehq/clitool from the official npm registry. This is a vendor-owned resource used for interfacing with the Membrane platform. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line tool to handle login procedures, manage connection lifecycles, and execute requests against the Pushpay API. - [PROMPT_INJECTION]: As an integration that retrieves external data (donations, member records, and form entries), the skill has an indirect prompt injection surface.
- Ingestion points: API response data is ingested through the
membrane action runandmembrane requestcommands. - Boundary markers: No explicit delimiters are specified in the instructions to separate untrusted data from agent instructions.
- Capability inventory: The skill can perform shell commands via the
membraneCLI and make network requests through the Membrane proxy. - Sanitization: The skill relies on the agent's internal safety filters and the structured nature of the JSON responses for data safety.
Audit Metadata