snipcart
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the @membranehq/cli package from the official npm registry to facilitate communication with the Membrane platform.
- [COMMAND_EXECUTION]: Instructs the agent to execute shell commands using the membrane CLI for account authentication, service connection, and action execution.
- [DATA_EXFILTRATION]: Employs the Membrane platform's connection management to handle authentication server-side, which prevents the need for the agent or user to handle raw Snipcart API keys locally.
- [SAFE]: The skill interacts with external data (Snipcart orders and customers) and possesses action execution capabilities, which represents a potential surface for indirect prompt injection; however, these operations are conducted through the vendor's official platform using structured schemas and pre-built actions.
Audit Metadata