jumpseller
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is a vendor-owned utility required to interact with the Membrane platform. - [COMMAND_EXECUTION]: Provides instructions for executing various shell commands via the
membraneCLI to manage store data, such asmembrane action runandmembrane connect. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests data from external Jumpseller API responses.
- Ingestion points: API response data from
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: Not present.
- Capability inventory: The skill can execute CLI commands and make network requests through the vendor proxy.
- Sanitization: None specified in the instructions; relies on platform-level handling.
Audit Metadata