nuapay
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a vendor-provided tool used to manage the integration and authentication lifecycle. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane connect,membrane action run) to interact with the Nuapay service. These commands are executed locally by the user or agent to manage payment data and automate workflows as intended by the skill's primary purpose. - [PROMPT_INJECTION]: The skill handles data from external Nuapay endpoints (such as reports and payment records). This represents a potential surface for indirect prompt injection if the ingested data contains malicious instructions, though this is a common characteristic of API-based integration skills.
Audit Metadata