safepay
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/cliglobal npm package. This is the official tool provided by the vendor (membranedev) to facilitate secure connections and is considered a safe vendor resource. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as searching for connectors, managing connections, and running Safepay actions. These commands are essential for the skill's functionality and operate within the vendor's managed ecosystem. - [PROMPT_INJECTION]: The skill processes data from the Safepay API. To mitigate indirect prompt injection risks, it recommends using pre-built actions with defined schemas and leveraging Membrane's managed infrastructure rather than raw API requests.
Audit Metadata