pricefy

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via 'npm install -g @membranehq/cli'. This is a standard dependency for the vendor's ecosystem and is used for its intended purpose.
  • [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to perform operations such as authentication, action discovery, and API requests. These commands are localized to the Pricefy integration logic.
  • [DATA_EXPOSURE]: Authentication is handled through Membrane's managed connection system ('membrane login' and 'membrane connect'). This follows security best practices by avoiding the use of hardcoded credentials or local storage of API keys.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Pricefy API (product and competitor pricing). While this represents a potential surface for indirect prompt injection if the API content contains malicious instructions, the risk is considered low as the data is primarily structured pricing information.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 08:26 PM