xero
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the global NPM registry. This is a verified vendor package required for the skill to communicate with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (
membrane login,membrane connect,membrane action run) to manage the Xero lifecycle. These commands are scoped to the Membrane environment and are used to execute pre-defined actions. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads data (e.g., invoices, contacts) from an external service (Xero).
- Ingestion points: External accounting data enters the agent context via the output of
membrane action runcommands. - Boundary markers: Absent; data is returned as JSON and processed directly by the agent.
- Capability inventory: The skill can execute file-system commands via the CLI, modify records in Xero, and create new actions on the Membrane platform.
- Sanitization: No explicit sanitization or filtering of the Xero data is performed within the skill instructions.
- [SAFE]: The skill follows security best practices by delegating authentication to a specialized platform (Membrane) rather than requesting or storing raw credentials.
Audit Metadata