zuora-billing

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official '@membranehq/cli' package from the npm registry for command-line interactions.
  • [COMMAND_EXECUTION]: Uses the 'membrane' CLI to perform operations such as logging in, connecting to services, and executing billing actions.
  • [DATA_EXFILTRATION]: Facilitates the transfer of subscription and billing data between the user's environment and the Zuora Billing platform via the Membrane service.
  • [PROMPT_INJECTION]: Contains a surface for indirect prompt injection where untrusted user input is passed to shell commands:
      • Ingestion points: User-provided intents in 'membrane action list' and JSON data in 'membrane action run' (documented in SKILL.md).
      • Boundary markers: None present; the skill instructs the agent to pass user input directly as command arguments.
      • Capability inventory: CLI subprocess execution via the 'membrane' command (documented in SKILL.md).
      • Sanitization: No explicit sanitization or escaping of user input is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 09:23 PM