paymo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the @membranehq/cli package from the official NPM registry. This is a verified vendor resource owned by membranedev.
- [COMMAND_EXECUTION]: Operates by executing shell commands via the membrane CLI to manage connections, query actions, and proxy requests to the Paymo API.
- [PROMPT_INJECTION]: Processes external data from Paymo (such as task comments and lead details), which presents a standard surface for indirect prompt injection. While the skill does not define specific boundary markers for this data, it is a known risk inherent to integration skills and is handled within the vendor's CLI environment.
Audit Metadata