tomato-pay
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage from the NPM registry, which is a verified tool from the skill's author to manage the integration. - [COMMAND_EXECUTION]: Provides instructions to execute shell commands using the
membraneCLI for logging in, establishing connections, and running payment-related actions. - [SAFE]: Authentication is handled through a managed OAuth-style flow (
membrane login), which eliminates the need for the skill to store or access hardcoded credentials or environment secrets. - [PROMPT_INJECTION]: The skill processes external data from the Tomato Pay API, which is an indirect injection surface.
- Ingestion points: Data enters the context through the output of the
membrane action runcommand. - Boundary markers: There are no explicit delimiters defined in the instructions to isolate external data.
- Capability inventory: The agent has the ability to run shell commands via the CLI to manage and execute API actions.
- Sanitization: No explicit sanitization or validation steps for external data are described in the skill markdown.
Audit Metadata