coupontools
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the official npm registry. This is a vendor-owned tool required for the skill's operation and authentication management.
- [COMMAND_EXECUTION]: Executes the membrane command-line tool for session authentication, connection setup, action discovery, and API execution.
- [PROMPT_INJECTION]: The skill processes data from Coupontools API responses, presenting an indirect prompt injection surface.
- Ingestion points: Data enters the agent context through membrane action run and membrane request commands in SKILL.md.
- Boundary markers: There are no delimiters or specific instructions to the agent to disregard instructions within the fetched data.
- Capability inventory: The agent can execute shell commands via the membrane CLI to read from or write to the external service.
- Sanitization: No sanitization or validation logic is defined for data retrieved from external endpoints.
Audit Metadata