smarterpay
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage. This is a vendor-owned resource provided by the author for managing integrations. - [COMMAND_EXECUTION]: Shell commands are used to initialize connections and execute actions through the
membraneCLI tool. - [PROMPT_INJECTION]: The skill processes data from the SmarterPay API, which creates a surface for indirect prompt injection from external payment records. Ingestion points: Data is retrieved through the output of
membrane action runand proxy request commands. Boundary markers: Not present in the provided instructions. Capability inventory: Includes action execution and network proxying via the Membrane service. Sanitization: Relies on structured action schemas provided by the platform.
Audit Metadata