ratecard
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates legitimate integration patterns for interacting with the Ratecard platform through a centralized management tool provided by the vendor.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the `@membranehq/cli` package from the official npm registry. This is a verified tool from the vendor (membranedev) used to facilitate communication with the Membrane platform.
- [COMMAND_EXECUTION]: The skill interacts with the Ratecard API by executing shell commands via the `membrane` utility. This approach allows the agent to perform data queries and actions while delegating authentication lifecycle management to the platform, which is a security best practice.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from external Ratecard API responses.
  1. Ingestion points: Data returned from `membrane action run` and `membrane request` commands as described in SKILL.md.
  2. Boundary markers: Absent; no specific delimiters or instruction-ignore warnings are used when processing external data.
  3. Capability inventory: The agent can execute shell commands via the `membrane` CLI in SKILL.md.
  4. Sanitization: Absent; no specific validation or filtering logic for incoming API data is mentioned.
Audit Metadata