transfi

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the official @membranehq/cli package from the NPM registry to enable integration with the Membrane platform.
  • [COMMAND_EXECUTION]: Utilizes the membrane command-line utility for managing user authentication, establishing connections to TransFi, and executing payment-related actions.
  • [PROMPT_INJECTION]: The skill provides an interface for dynamic action creation and discovery, which constitutes an indirect prompt injection surface.
    • Ingestion points: Untrusted data enters the agent context through the intent parameter in the action list command and the DESCRIPTION parameter in the action create command.
    • Boundary markers: Command arguments are wrapped in quotes, but no specific boundary markers or instructions to ignore embedded commands are present in the documentation.
    • Capability inventory: The skill allows execution of arbitrary shell commands via the membrane CLI, which in turn can execute remote logic on the Membrane platform.
    • Sanitization: Data validation and sanitization are managed server-side by the Membrane platform during action generation and execution.
  • [SAFE]: Credentials and authentication tokens are handled securely by the Membrane platform rather than being stored or requested by the skill instructions directly.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 02:49 PM
Security Audit — agent-trust-hub — transfi