Skills
skills/membranedev/application-skills/campay/Gen Agent Trust Hub

campay

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [METADATA_POISONING]: The skill provides an official documentation link to Apple Pay (apple.com) while its stated purpose is integrating with CamPay, a campground-specific payment platform. This discrepancy is misleading and may cause confusion regarding the skill's actual integration targets.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external API responses, which creates a surface for indirect prompt injection if those responses contain malicious instructions.
  • Ingestion points: Data enters the agent's context through output from membrane action run and membrane request.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat external content as untrusted.
  • Capability inventory: The skill uses the membrane CLI to execute payment and account management actions.
  • Sanitization: No sanitization or validation logic is defined for the API data.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry to function.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands via the membrane CLI to interact with account, connection, and action management systems.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 08:27 PM