megaventory
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official @membranehq/cli tool from the npm registry to manage platform authentication and connectivity.
- [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI for service discovery, connection management, and running inventory actions.
- [DATA_EXFILTRATION]: Accesses inventory and order data from the Megaventory service; all traffic is routed through the vendor's authenticated proxy infrastructure.
- [PROMPT_INJECTION]: As the skill retrieves external data from the Megaventory API, there is a theoretical surface for indirect prompt injection, though no malicious patterns or unsafe interpolation were detected.
Audit Metadata