yoco
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of a vendor-specific CLI tool.
  * Evidence: `npm install -g @membranehq/cli@latest` (SKILL.md).
- [COMMAND_EXECUTION]: The agent is instructed to interact with the system and remote services using CLI commands.
  * Evidence: Commands such as `membrane login`, `membrane action list`, and `membrane action run` are used to manage the integration (SKILL.md).
- [REMOTE_CODE_EXECUTION]: The skill provides a mechanism to generate and execute code at runtime based on descriptive strings.
  * Evidence: The `membrane action create` command takes a 'DESCRIPTION' and automatically builds executable logic (SKILL.md).
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it ingests and processes untrusted data from an external API.
  * Ingestion points: Data returned from the Yoco API via `membrane action run` (SKILL.md).
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
  * Capability inventory: Access to system commands via the `membrane` CLI and the ability to dynamically create new actions (SKILL.md).
  * Sanitization: There is no evidence of sanitization or schema validation for data retrieved from the external source.
Audit Metadata