agenty
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Membrane CLI using the command `npm install -g @membranehq/cli@latest`. This is a standard global installation of the vendor's official toolset and does not pose an atypical security risk for this use case.
- [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g., `membrane login`, `membrane connect`, `membrane action run`) to interact with the Agenty service. These are used according to the intended integration logic and do not involve obfuscation or privilege escalation.
- [CREDENTIALS_SAFE]: The instructions explicitly follow security best practices by stating: 'never ask the user for API keys or tokens. Create a connection instead; Membrane manages the full Auth lifecycle'. This reduces the risk of credential leakage.
- [DATA_EXPOSURE]: There is an inherent indirect prompt injection surface as the skill processes data from external Agenty jobs and actions. However, this is consistent with the primary purpose of the skill and is handled via standard platform tools.
Audit Metadata