finapi
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@membranehq/clipackage from the official NPM registry. This tool is provided by the vendor to facilitate secure communication with the FinAPI service. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI tool for managing connections, listing financial actions, and executing API requests. These commands are necessary for the integration's core functionality. - [PROMPT_INJECTION]: The skill's ability to ingest and process external financial data from bank accounts introduces a potential surface for indirect prompt injection.
- Ingestion points: API response data retrieved through
membrane action runand proxy requests documented inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate or ignore potentially malicious instructions embedded in the external data.
- Capability inventory: The agent can use the CLI to perform sensitive financial operations, including initiating payments and modifying account categories.
- Sanitization: The skill description does not specify any validation, filtering, or sanitization of the data retrieved from the FinAPI endpoints before it is processed by the agent.
Audit Metadata