woocommerce
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool (@membranehq/cli) from the NPM registry to facilitate platform interaction.
- [COMMAND_EXECUTION]: The skill utilizes the 'membrane' command-line interface to perform authentication, manage store connections, and trigger WooCommerce actions.
- [DATA_EXFILTRATION]: The skill enables data exchange with the WooCommerce API through Membrane's proxy service to manage products, orders, and customer data.
- [PROMPT_INJECTION]: The skill processes untrusted data from WooCommerce (e.g., orders, product descriptions), which presents an indirect prompt injection surface. Ingestion points: WooCommerce API via 'membrane' commands (SKILL.md). Boundary markers: None explicitly defined. Capability inventory: Subprocess execution via 'membrane' CLI (SKILL.md). Sanitization: None specified in the integration logic.
Audit Metadata