cloudcart
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands via the Membrane CLI to handle authentication, connection management, and API interactions with CloudCart.
- [EXTERNAL_DOWNLOADS]: Downloads and installs the @membranehq/cli tool from the NPM registry to enable interaction with the Membrane platform.
- [PROMPT_INJECTION]: Ingests untrusted data from the CloudCart API (such as product details, order information, and customer records) into the agent's context. The absence of boundary markers or sanitization logic creates a surface for indirect prompt injection.
Audit Metadata