woocommerce

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI tool (@membranehq/cli) from the NPM registry. This package belongs to the vendor's official scope and is used to facilitate the integration.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various membrane CLI commands to perform tasks such as logging in, connecting to services, and running remote actions (e.g., membrane login, membrane connect, membrane action run).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes data from an external WooCommerce store (e.g., product descriptions or customer notes) that could contain malicious instructions.
  • Ingestion points: Data returned by the membrane action run and membrane action list commands which fetch dynamic content from WooCommerce (SKILL.md).
  • Boundary markers: The instructions do not define boundary markers or delimiters to help the agent distinguish between system instructions and data fetched from the external API.
  • Capability inventory: The agent has the capability to execute shell commands via the membrane CLI, providing a potential execution path if an injection is successful (SKILL.md).
  • Sanitization: No sanitization, filtering, or validation steps are described for the external data before it is presented to the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:37 PM