tradeshift
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the NPM registry. This is a verified tool provided by the vendor to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: Leverages the
membraneCLI for authenticating, connecting to the Tradeshift service, and executing integration actions. This command execution is the primary and intended mechanism of the skill. - [PROMPT_INJECTION]: The skill ingests data from external Tradeshift records, creating a surface for potential indirect prompt injection.
- Ingestion points: Data returned by the
membrane action runcommand in SKILL.md. - Boundary markers: None explicitly defined in the prompt templates.
- Capability inventory: Execution of shell commands via the
membraneCLI. - Sanitization: No specific sanitization logic is implemented in the skill instructions.
Audit Metadata