hydrogen
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the @membranehq/cli package from the public npm registry. This is the official command-line tool provided by the vendor for managing integrations and authentication.
- [COMMAND_EXECUTION]: The skill instructions utilize the membrane CLI tool to perform various operations, including authenticating users, discovering API actions, and executing requests. This is the intended functional mechanism of the skill.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external APIs (Hydrogen/Shopify), which introduces a surface for indirect prompt injection where malicious content in the external data could attempt to influence agent behavior.
  1. Ingestion points: API responses retrieved via membrane action run and membrane request as described in SKILL.md.
  2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for processing external data.
  3. Capability inventory: The agent has access to shell command execution through the membrane CLI.
  4. Sanitization: The skill does not provide specific logic for sanitizing or validating content returned from the external API before it is processed by the agent.
Audit Metadata