amadeus
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs and uses the
@membranehq/clipackage from the npm registry. - Evidence: Instructions include
npm install -g @membranehq/cli@latestandnpx @membranehq/cli@latestin SKILL.md. - Context: This is the official command-line tool for the Membrane platform, provided by the skill's author.
- [COMMAND_EXECUTION]: The skill relies on the
membranecommand-line utility to perform authenticated operations and query travel data. - Evidence: Commands such as
membrane login,membrane connect, andmembrane action runare used throughout the instructions. - Context: These operations are the standard method for using the Membrane integration layer and match the skill's stated functionality.
- [CREDENTIALS_UNSAFE]: The skill adopts secure secret management practices by delegating authentication to the Membrane platform.
- Evidence: The 'Best practices' section explicitly instructs the agent to avoid asking users for API keys or tokens, relying instead on server-side connection management.
Audit Metadata