toast
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's operations are transparent and align strictly with its purpose of managing restaurant data via an external integration platform.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from npm. This is a vendor-owned dependency necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill instructs the agent to run the `membrane` CLI tool for authentication, connection management, and action execution. This is the intended method for interacting with the service.
- [PROMPT_INJECTION]: The skill processes external data (orders and customer records) from the Toast API, creating a surface for potential indirect prompt injection. Ingestion occurs during the execution of actions defined in SKILL.md. The agent's capabilities include executing CLI commands. There are no explicit boundary markers or sanitization steps described in the instructions, which is a common characteristic of data-integration skills.
Audit Metadata