wesupply
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage via npm. This is a vendor-provided tool from the skill author (membranedev) used to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: Uses various
membraneCLI commands to search for connectors, authenticate, and run API actions. These operations are scoped to the intended functionality of the WeSupply integration. - [DATA_EXFILTRATION]: Explicitly recommends against manual credential handling, instructing users to use Membrane's connection management system which avoids exposing API keys in local scripts or command history.
- [PROMPT_INJECTION]: Analyzed for potential indirect prompt injection vulnerabilities as the skill processes data from external WeSupply API endpoints.
- Ingestion points: WeSupply API responses containing return and shipment details (SKILL.md).
- Boundary markers: None explicitly mentioned in the processing instructions.
- Capability inventory:
membrane action runandmembrane request(SKILL.md). - Sanitization: Standard handling by the underlying CLI tool is expected, but no specific sanitization logic is described in the skill instructions.
Audit Metadata