Skills
skills/membranedev/application-skills/razorpay/Gen Agent Trust Hub

razorpay

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli global package via npm. This is the official command-line tool provided by the vendor for platform interaction.\n- [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform authentication, manage connections, and execute actions. These commands are intended for the skill's functionality and are performed in the user's environment.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves and processes data from the external Razorpay API.\n
  • Ingestion points: Data enters the agent's context through outputs from membrane action run and membrane request commands in SKILL.md.\n
  • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between instructions and external data responses.\n
  • Capability inventory: The skill enables the agent to execute shell commands and perform network requests using the membrane CLI (SKILL.md).\n
  • Sanitization: There is no evidence of logic for sanitizing or validating external API responses before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 07:36 PM