shopwaive
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the '@membranehq/cli' package globally via npm. This is a standard deployment step for the Membrane ecosystem to enable CLI-based interactions with connectors.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to perform several operations, including 'membrane login' for authentication, 'membrane connect' for establishing API links, and 'membrane action run' to execute remote logic.
- [PROMPT_INJECTION]: As the skill ingests and processes data from external Shopwaive accounts (such as Customer, Product, and Order data), it possesses an attack surface for indirect prompt injection.
  1. Ingestion points: Shopwaive API data processed via actions (SKILL.md).
  2. Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted data from agent instructions.
  3. Capability inventory: 'membrane action run' and 'membrane request' (SKILL.md).
  4. Sanitization: No explicit data sanitization or validation logic is present in the skill instructions.
Audit Metadata