shopline
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access behaviors were detected in the skill instructions or commands.
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the
@membranehq/clipackage from the public NPM registry. This is a standard requirement for using the vendor's platform and follows documented practices for the authoring organization (Membrane). - [SAFE]: Analysis of the indirect prompt injection attack surface:
- Ingestion points: Data from the Shopline API (such as Customer, Order, and Product details) enters the agent's context when actions are executed via the CLI.
- Boundary markers: No explicit delimiters or isolation instructions are provided in the documentation.
- Capability inventory: The skill permits the agent to perform write operations (Create, Update, Delete) on the Shopline platform using the CLI.
- Sanitization: Not explicitly addressed in the skill markdown; the security of processing relies on the Membrane platform's internal handling of external data.
Audit Metadata