shoprocket-co
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the global installation of the
@membranehq/clipackage, which is the official command-line interface for the Membrane platform. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to manage authentication, connection establishment, and API request execution. - [PROMPT_INJECTION]: The skill provides an interface for ingesting and processing data from the Shoprocket API, creating a surface for potential indirect prompt injection.
- Ingestion points: Data enters the agent's context from the Shoprocket API via the
membranecommand-line tool. - Boundary markers: No delimiters or instructions are specified to distinguish between tool instructions and external data.
- Capability inventory: The skill possesses shell command execution capabilities through the CLI.
- Sanitization: No sanitization or validation of external data is described.
Audit Metadata