sellsy
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via npm and suggests using `npx @membranehq/cli@latest` to discover actions. These resources are provided by the skill's author to facilitate interaction with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions guide the agent to execute various `membrane` CLI commands, including `membrane login`, `membrane connect`, and `membrane action run`. These commands are used to authenticate with the platform and perform operations on Sellsy data.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data retrieved from the external Sellsy API (e.g., deal names, person details, or task descriptions).
  - Ingestion points: Data returned to the agent from commands like `membrane action run` or `membrane request` (SKILL.md).
  - Boundary markers: The provided instructions do not include specific delimiters or instructions for the agent to ignore embedded commands within the Sellsy data.
  - Capability inventory: The agent can execute CLI commands to fetch data and perform write operations (e.g., creating tasks or updating deals) via `membrane action run` (SKILL.md).
  - Sanitization: There is no mention of sanitizing or validating the data retrieved from Sellsy before it is used in subsequent prompts or actions.
Audit Metadata