aloha-pos
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage, which is the official command-line tool for the Membrane platform and is maintained by the skill's vendor. - [COMMAND_EXECUTION]: It utilizes the
membraneCLI for authentication, connection management, and action execution. These commands are standard operations for the platform's intended use. - [DATA_EXFILTRATION]: The skill enables the transfer of point-of-sale data (orders, customers, and payments) through the Membrane service. It avoids local credential exposure by using an external authentication flow managed by the service.
- [PROMPT_INJECTION]: The skill processes external data from Aloha POS, which is a potential surface for indirect prompt injection. * Ingestion points: External POS data enters the agent context via the output of
membrane action runin SKILL.md. * Boundary markers: No specific delimiters or instruction-ignoring warnings are present in the skill's instructions. * Capability inventory: The skill has the capability to execute shell commands via themembraneCLI as documented in SKILL.md. * Sanitization: There is no documented sanitization or validation of the data retrieved from the POS system.
Audit Metadata