wealthengine

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the Membrane CLI (@membranehq/cli@latest) from the public npm registry. This is a vendor-owned package used to facilitate platform interactions.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform several operations:
      • Authenticating the agent via membrane login.
      • Establishing connections to WealthEngine via membrane connect.
      • Discovering and executing actions via membrane action list and membrane action run.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its data processing capabilities:
      • Ingestion points: User-supplied natural language intents are used in membrane action list and membrane action create. Additionally, the skill processes parameters provided to membrane action run.
      • Boundary markers: None are explicitly defined in the provided instructions to separate user input from system prompts.
      • Capability inventory: The skill can execute actions on the WealthEngine platform (via Membrane), including managing data and records, which involves subprocess calls to the Membrane CLI.
      • Sanitization: There is no explicit mention of sanitization or validation of the input strings before they are passed to the CLI commands or the platform.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 11:50 PM