avochato
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the
@membranehq/clipackage from the NPM registry. This package is the official command-line tool for the platform developed by the skill author (membranedev). - [COMMAND_EXECUTION]: The skill operates by executing
membraneCLI commands to manage connections and run actions. These commands are used as intended for the skill's primary purpose of interfacing with the Avochato API via the Membrane middleware. - [DATA_EXPOSURE]: The skill explicitly instructs the agent to avoid asking users for API keys or secrets, instead utilizing a server-side connection model which enhances security by keeping credentials out of the prompt context.
Audit Metadata