akeneo

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform queries and actions against the Akeneo API. This is the primary intended functionality of the skill.
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the NPM registry and uses npx for action discovery. These are official tools provided by the vendor.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection when processing retrieved Akeneo data.
    • Ingestion points: Product records, attributes, and categories retrieved from Akeneo via membrane action run or membrane request commands.
    • Boundary markers: Absent. The instructions do not define delimiters or specific system instructions to ignore embedded commands within the retrieved product content.
    • Capability inventory: Execution of shell commands via the membrane CLI and proxied network requests to the Akeneo API.
    • Sanitization: Absent. Data retrieved from the external Akeneo API is processed without explicit sanitization or strict schema validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 08:54 AM