Skills
skills/membranedev/application-skills/openpayd/Gen Agent Trust Hub

openpayd

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli package from the NPM registry to enable integration with the Membrane platform.
  • [COMMAND_EXECUTION]: Uses the membrane CLI to perform authentication, manage payment connections, and execute API actions against the OpenPayd platform.
  • [PROMPT_INJECTION]: The skill processes data from the OpenPayd API, which represents an attack surface for indirect prompt injection. Ingestion points: API responses from membrane action run and membrane request commands (SKILL.md). Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded in the retrieved payment data. Capability inventory: Shell command execution via the membrane CLI (SKILL.md). Sanitization: No explicit sanitization or validation of the API responses is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 09:05 AM