ometria
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package globally via npm. This is the official command-line interface for the Membrane platform, used to manage connections and execute actions.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform operations such as searching for connectors, managing connections, and executing actions against the Ometria API.
- [PROMPT_INJECTION]: The skill processes data retrieved from the Ometria API (e.g., profiles, orders, custom events), which represents a surface for indirect prompt injection. 1. Ingestion points: Data returned from membrane action list, membrane action run, and membrane request commands in SKILL.md. 2. Boundary markers: None present in the instructions. 3. Capability inventory: Executes shell commands via the membrane CLI to interact with the external service. 4. Sanitization: No explicit sanitization or validation of the API response data is documented.
Audit Metadata