payhere
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the
@membranehq/clipackage from the NPM registry. This is an official utility provided by the vendor to facilitate secure authentication and interaction with the platform. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to perform operations such as searching for actions and running API requests. These commands are used as intended for managing connections and data within the vendor's ecosystem. - [PROMPT_INJECTION]: The skill processes financial data retrieved from the Payhere API, which presents a surface for indirect prompt injection. 1. Ingestion points: External data (e.g., customer records, payment statistics) enters the context via
membrane action runand proxy requests. 2. Boundary markers: None are explicitly defined in the instructions. 3. Capability inventory: The skill can execute CLI commands and make network requests via a managed proxy. 4. Sanitization: The skill relies on structured JSON inputs and pre-defined schemas for actions, which mitigates typical injection risks.
Audit Metadata