bombora
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from the NPM registry. This is the official command-line utility provided by the vendor (Membrane) to facilitate platform integrations. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform authentication, manage connections, and execute actions. These commands are necessary for the skill's stated purpose of interacting with the Bombora API through the Membrane gateway. - [REMOTE_CODE_EXECUTION]: Executes the Membrane CLI using
npx @membranehq/cli@latest, which dynamically downloads and runs the latest version of the vendor's tool from the official package registry. - [DATA_EXFILTRATION]: While the skill interacts with an external service (Bombora) and the Membrane platform, it does so using the vendor's managed infrastructure and provides explicit instructions to avoid handling raw credentials locally.
Audit Metadata