kontomatik
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the NPM registry and occasionally usesnpxto run the latest version of the CLI directly. - [COMMAND_EXECUTION]: Employs the
membranecommand-line interface to manage authentication (login), establish service links (connect), and interact with financial data endpoints (action run,request). These are legitimate operations for the skill's stated purpose. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted external data from financial transaction histories and bank statements.
- Ingestion points: Data enters the agent context via the output of
membrane action runandmembrane requestcommands inSKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes the retrieved financial data.
- Capability inventory: The skill has the ability to execute shell commands via the Membrane CLI and make network requests.
- Sanitization: There is no explicit sanitization or validation logic described for the data retrieved from the Kontomatik API before it is processed by the agent.
- [SAFE]: The skill author ('membrane') provides their own official CLI and infrastructure. All external resources and domains (getmembrane.com, @membranehq/cli) are verified vendor resources, representing standard and transparent functionality.
Audit Metadata