quipu
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm, which is the official command-line tool for the Membrane platform. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform various operations, including authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These are standard operations for the platform's functionality. - [PROMPT_INJECTION]: The skill facilitates the ingestion of external financial data from the Quipu API into the agent context, which represents a potential surface for indirect prompt injection.
- Ingestion points: Data is retrieved through
membrane action runandmembrane requestcommands inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used for the retrieved data.
- Capability inventory: The skill possesses the ability to execute shell commands and perform network requests via the Membrane proxy.
- Sanitization: No data validation or sanitization is specified for the API responses before they are processed by the agent.
Audit Metadata