weclapp
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from NPM. This is a legitimate tool provided by the vendor to facilitate platform interactions.
- [COMMAND_EXECUTION]: Shell commands are used via the membrane CLI to manage connections, search for actions, and execute API calls. These are restricted to the vendor's own CLI tool functionality.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data from Weclapp, such as support tickets or customer notes, which may contain untrusted instructions. This is a common characteristic of data-processing integrations.
Audit Metadata