vendasta
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@membranehq/cliglobally via npm. This is the official tool provided by the vendor (membranedev) to facilitate the integration. - [COMMAND_EXECUTION]: The documentation guides the user to run various shell commands using the
membraneCLI, including authentication (membrane login), connector setup (membrane connect), and action execution (membrane action run). These are standard tasks for the tool's operation. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes data from the Vendasta API.
- Ingestion points: Output from actions and proxy requests (e.g.,
membrane action run,membrane request). - Boundary markers: None explicitly mentioned in the skill content.
- Capability inventory: Shell command execution via the
membraneCLI and proxied network requests to the Vendasta API. - Sanitization: Relies on the host agent's standard input processing and safety filters.
- [SAFE]: The skill explicitly discourages the hardcoding or manual handling of API keys, delegating credential security to the Membrane platform's server-side management. No malicious patterns or obfuscated content were detected.
Audit Metadata