worldline
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clitool from npm, which is an official package maintained by the skill's author (membranedev). - [COMMAND_EXECUTION]: Uses the
membranecommand-line interface to interact with Worldline APIs, including managing connections and executing payment-related actions. - [CREDENTIALS_UNSAFE]: Demonstrates secure credential management by leveraging Membrane's server-side authentication system, explicitly avoiding the use of hardcoded API keys.
- [PROMPT_INJECTION]: The skill processes data from the Worldline API (Ingestion point:
membrane action runandmembrane requestin SKILL.md), representing a surface for indirect prompt injection. Capability inventory includes subprocess execution via the CLI. However, no malicious instructions or bypass attempts were detected, and the underlying platform provides the necessary sanitization logic.
Audit Metadata