brightpearl
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This tool is the official command-line interface provided by the skill's author to manage integrations and authentication securely. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to manage connections and interact with the Brightpearl API. This includes commands for logging in, searching for connectors, and executing API actions or proxy requests. - [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential management by explicitly advising against manual API key handling. It leverages the Membrane platform's server-side authentication lifecycle, ensuring that secrets are not stored or handled directly by the agent instructions.
- [PROMPT_INJECTION]: The skill was assessed for indirect prompt injection risks associated with processing data from the Brightpearl API.
- Ingestion points: External data enters the agent context through the output of CLI commands like
membrane action runandmembrane request. - Boundary markers: There are no explicit delimiters defined for the data returned from the API.
- Capability inventory: The skill allows for shell command execution and network operations through the Membrane proxy toolset.
- Sanitization: No specific sanitization or filtering of API responses is documented within the skill body.
Audit Metadata