jp-funda
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@membranehq/cli` package via NPM. This is an official tool provided by the platform vendor (Membrane) to manage API connections and is used here for its intended purpose.
- [COMMAND_EXECUTION]: The agent is instructed to use various `membrane` CLI commands, such as `login`, `connect`, and `action run`, to manage authentication and interact with the JP Funda API. These are standard functional commands for the integration.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from the JP Funda API through `membrane action run` and `membrane request` commands (Ingestion point: SKILL.md). There are no explicit boundary markers or sanitization requirements specified for handling this external content. Since the agent has the capability to execute shell commands via the CLI (Capability inventory: SKILL.md), this creates a surface for indirect prompt injection where malicious instructions embedded in an API response could influence the agent's actions. Additionally, the metadata description ('Manage Organizations, Pipelines, Users, Filters') is inconsistent with the primary financial reporting functionality, which is misleading.
Audit Metadata