erpnext
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@membranehq/cli` tool from the official npm registry. This package is the standard interface for the Membrane platform, which is the vendor of this skill.
- [COMMAND_EXECUTION]: Uses the `membrane` CLI to perform administrative and data tasks. Authentication is handled through a secure browser-based login flow (`membrane login`), ensuring that sensitive credentials are not stored locally or handled directly by the AI agent.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its primary function of processing external data from ERPNext.
  - Ingestion points: Data retrieved via document listing and retrieval actions (e.g., Customers, Leads, Sales Orders).
  - Boundary markers: Not present in the instruction templates.
  - Capability inventory: The skill can modify data in ERPNext using `membrane action run` and `membrane request`.
  - Sanitization: Not specified in the provided markdown instructions.
- [SAFE]: No malicious intent, obfuscation, or unauthorized access patterns were detected. The skill explicitly promotes secure practices, such as avoiding manual handling of API keys.
Audit Metadata