bigcommerce

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the agent to use the membrane CLI for managing BigCommerce resources such as products, customers, and orders. This includes running predefined actions and making direct proxy requests to the BigCommerce API.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @membranehq/cli global NPM package. This is a verified tool from the service provider (membranedev) used for authentication and API orchestration.
  • [DATA_EXFILTRATION]: Employs a secure connection model where credentials are managed by the Membrane platform, reducing the risk of local secret exposure or unauthorized exfiltration.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection from processed external data.
      1. Ingestion points: BigCommerce API data (products, orders, customers).
      2. Boundary markers: Absent.
      3. Capability inventory: Execution of membrane CLI commands and proxy requests.
      4. Sanitization: Not specified in instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 01:33 AM