freeagent
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clinpm package. This is a vendor-owned resource used for the skill's primary functionality. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI to perform actions like searching for connectors, connecting accounts, and running API actions. All commands are standard for the Membrane platform. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from Freeagent. * Ingestion points: External data enters via commands like
membrane action run list-invoicesormembrane requestwhich fetch data from the Freeagent API as documented in SKILL.md. * Boundary markers: The instructions do not specify explicit delimiters or warnings to ignore instructions embedded in the fetched data. * Capability inventory: The agent can perform write operations (create/update/delete) and arbitrary API requests viamembrane action runandmembrane requestin SKILL.md. * Sanitization: There is no mention of sanitizing or escaping the data retrieved from Freeagent before the agent processes it.
Audit Metadata