fatture-in-cloud
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing data from the Fatture in Cloud API (e.g., invoices and documents) via the
membraneCLI. • Ingestion points: External data enters through the output ofmembrane action runandmembrane requestcommands. • Boundary markers: None explicitly defined in the instructions. • Capability inventory: The agent can execute further shell commands via themembraneCLI. • Sanitization: No specific sanitization or validation of the API response data is described. This is an inherent property of integration skills and is classified as low risk. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations. All command invocations are limited to the vendor's official toolset. - [CREDENTIALS_UNSAFE]: The skill correctly instructs the user to use the vendor's connection management system, which avoids the need to handle or store sensitive API keys locally.
Audit Metadata