freshbooks
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via NPM, which is the vendor-owned CLI tool used to manage authentication and execute platform actions. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to interact with the Freshbooks API. This includes operations for searching connectors, authenticating users, listing records, and running specific actions like creating or deleting invoices. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves and processes external data from Freshbooks.
- Ingestion points: External data enters the agent context via actions like
list-sales-invoices,get-contact, andlist-productsas defined in SKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the agent processes retrieved data.
- Capability inventory: The skill includes capabilities to modify or delete data, such as
delete-sales-invoice, and make arbitrary API requests throughmembrane requestas documented in SKILL.md. - Sanitization: No data sanitization, validation, or filtering logic is specified for the content returned from the Freshbooks API.
Audit Metadata