commercehq
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from NPM. This is the official command-line interface for the Membrane platform, provided by the skill's author.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'membrane' CLI to perform authenticated actions, search for connectors, and send proxy requests to the CommerceHQ API. These operations are within the expected scope of a management integration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes data from an external platform (CommerceHQ) which could contain adversarial instructions.
  - Ingestion points: Data is ingested via actions such as 'list-orders', 'get-product', 'list-customers', and raw API requests via 'membrane request'.
  - Boundary markers: The skill does not implement or recommend explicit boundary markers (e.g., delimiters) when the agent processes retrieved data.
  - Capability inventory: The agent has the capability to perform file-system-like operations and network requests through the Membrane CLI ('membrane action run', 'membrane request').
  - Sanitization: There is no evidence of data sanitization or validation performed on the retrieved CommerceHQ records before they are added to the agent's context.
Audit Metadata