weclapp
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the global installation of the "@membranehq/cli" package. This is an official utility provided by the vendor (Membrane) to facilitate platform interactions.
- [COMMAND_EXECUTION]: The skill relies on the "membrane" CLI to perform actions, manage connections, and proxy API requests. These commands are standard for the vendor's integration framework and handle authentication securely.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data from the Weclapp ERP.
- Ingestion points: Data is ingested through actions like "list-tasks", "list-tickets", and "get-article".
- Boundary markers: There are no explicit markers defined in the skill to isolate ingested data.
- Capability inventory: The skill has the capability to write to the API via "membrane request" and creation actions.
- Sanitization: No explicit sanitization or validation of external data is mentioned in the skill documentation.
Audit Metadata