nets-group
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry, which is the standard tool for interacting with the developer's platform.
- [COMMAND_EXECUTION]: The skill performs shell execution using the membrane CLI to login, search for connections, and run actions against the Nets Group API.
- [DATA_EXFILTRATION]: The skill facilitates data movement between the Nets Group payment gateway and the agent environment. This data transfer is mediated by a secure proxy provided by the vendor, which handles authentication tokens and credential refresh.
- [PROMPT_INJECTION]: The skill processes data from the Nets Group API, which constitutes an indirect prompt injection surface. Ingestion points: API data received through membrane action run and membrane request commands. Boundary markers: None. Capability inventory: Use of the membrane CLI to interact with merchant and payment data. Sanitization: None specified.
Audit Metadata