sage-accounting
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI tool using the command
npm install -g @membranehq/cli@latest. This package is a core component provided by the vendor (membranedev) to facilitate communication with the Sage Accounting API. - [COMMAND_EXECUTION]: The skill operates by executing shell commands using the
membraneCLI. This includes logging in, establishing connections, and running specific accounting actions. These commands are necessary for the skill's primary function and are used as intended by the vendor. - [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection as it processes data from external Sage Accounting records.
- Ingestion points: Data enters the agent's context when retrieving record details (e.g.,
list-sales-invoices,get-contact) and when searching for actions viamembrane action listin SKILL.md. - Boundary markers: No specific delimiters or instructions to ignore instructions within the retrieved data are defined in the skill instructions.
- Capability inventory: The agent has the capability to execute shell commands via the Membrane CLI and to dynamically generate new actions.
- Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from the Sage Accounting API before it is processed by the agent.
Audit Metadata