chargebee
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from npm. This is a legitimate tool provided by the skill's author to interface with their platform.
- [COMMAND_EXECUTION]: The skill uses various `membrane` CLI commands (e.g., `membrane connect`, `membrane action run`, `membrane request`) to perform administrative tasks and data operations. These commands are the intended way to interact with the Chargebee API through the Membrane proxy.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Chargebee, such as customer records and invoices, which creates a surface for indirect prompt injection.
  - Ingestion points: Data retrieved from Chargebee API via `list-*` and `get-*` actions.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: The skill has the ability to create, update, and delete resources in Chargebee, as well as perform arbitrary API requests through the `membrane request` command.
  - Sanitization: No specific sanitization logic is provided; the skill relies on the agent's internal safety filters.
Audit Metadata