shoprocket

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official Membrane CLI (@membranehq/cli) from the npm registry. This is a trusted dependency provided by the vendor to facilitate platform integration.
  • [COMMAND_EXECUTION]: The instructions utilize the membrane CLI to manage connections and execute actions. These commands are restricted to the intended purpose of the skill and do not involve unauthorized system modifications.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface.
      • Ingestion points: API response data from 'membrane action run' or 'membrane request' commands.
      • Boundary markers: The skill relies on the structured nature of JSON tool outputs.
      • Capability inventory: Access to the membrane CLI for API interactions.
      • Sanitization: The skill promotes the use of pre-defined actions which include schema validation and built-in error handling.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:46 PM