asknicely
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membranecommand-line interface to interact with the AskNicely API. Commands are used for logging in, managing connections, and executing predefined actions (e.g.,membrane action run). This is the intended and documented method for this integration. - [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a standard dependency for the toolset provided by the skill's author. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing Membrane's connection system to handle authentication server-side, which reduces the risk of credential exposure in logs or prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data when retrieving survey responses (e.g., via the
get-responsesaction). While this represents a potential vector for indirect prompt injection if the agent processes these responses without sanitization, the risk is inherent to the primary purpose of the skill (managing feedback) and is considered low within the context of standard operations.
Audit Metadata