xero
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package via npm. This is a legitimate tool provided by the author to interface with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions leverage shell commands through the `membrane` CLI to handle authentication, connection lifecycle, and action execution. These commands are necessary for the skill's operational logic.
- [PROMPT_INJECTION]: An indirect prompt injection surface (Category 8) was identified.
  - Ingestion points: The skill retrieves various financial records (invoices, contacts, reports) from the Xero API (SKILL.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided skill instructions.
  - Capability inventory: The skill possesses the capability to execute API actions (`membrane action run`) and perform raw network requests (`membrane request`) (SKILL.md).
  - Sanitization: No sanitization or validation of the retrieved Xero data is performed before it is processed by the agent.
- [SAFE]: The skill follows security best practices by delegating authentication to the Membrane platform instead of requesting or storing sensitive API keys or OAuth tokens directly within the agent's context.