jack-henry
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli tool from the npm registry to manage service connections. This is a recognized vendor resource for the Membrane platform.
- [COMMAND_EXECUTION]: Utilizes shell commands via the membrane CLI to perform operations such as authentication, connection management, and executing API actions against the Jack Henry platform.
- [DATA_EXFILTRATION]: Accesses sensitive financial information including customer details, account balances, and transaction history. Data is handled through the Membrane proxy which manages authentication and session lifecycle server-side.
- [PROMPT_INJECTION]: The skill processes data from the Jack Henry API which enters the agent context and could theoretically contain malicious instructions. Ingestion points: API responses from membrane action run and membrane request commands. Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided. Capability inventory: The skill has the capability to execute shell commands through the CLI. Sanitization: No explicit data sanitization or validation logic is defined in the documentation.
Audit Metadata