quickbooks
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI for managing QuickBooks data. This involves executing shell commands to authenticate, search for connectors, and run API actions. - [EXTERNAL_DOWNLOADS]: The documentation includes steps to install the
@membranehq/clipackage from NPM. This is a legitimate utility provided by the skill author (membrane) for service integration. - [PROMPT_INJECTION]: The skill interacts with external QuickBooks data (customers, invoices, etc.) which serves as an ingestion point for untrusted content. While the skill has command execution capabilities via the CLI, it follows security best practices for authentication. There are no explicit boundary markers or sanitization steps mentioned for processing the retrieved data, representing a surface for indirect prompt injection.
- [SAFE]: The skill implements security-conscious design by delegating authentication and token management to the Membrane platform, ensuring that the agent does not handle or store sensitive API keys or user credentials directly.
Audit Metadata