open-accounting
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include the installation of the @membranehq/cli package from the npm registry. This is a vendor-provided tool required for the skill functionality.
- [COMMAND_EXECUTION]: The skill executes shell commands using the membrane CLI tool to manage accounting data and workflow automation. These commands include membrane login, membrane search, and membrane action run.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Open Accounting API, such as invoice and bill details, which enters the agent context via membrane action run and membrane request commands in SKILL.md. There are no explicit boundary markers or sanitization steps mentioned to mitigate potential indirect prompt injection from this external data, while the agent has the capability to execute further shell commands via the membrane CLI.
Audit Metadata