bud
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official Membrane CLI (
@membranehq/cli) from the npm registry. This is a legitimate utility provided by the vendor to facilitate the integration. - [COMMAND_EXECUTION]: The skill uses various shell commands through the
membraneCLI to manage user sessions, connect to Bud, and execute actions. These operations are restricted to the intended functionality of the integration. - [DATA_EXFILTRATION]: While the skill involves sending data to and from Bud and Membrane, these operations are the primary purpose of the skill and utilize the vendor's secure authentication mechanism. No unauthorized third-party exfiltration was detected.
Audit Metadata