buildbuddy
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage connections, search for actions, and execute integration logic with BuildBuddy. - [EXTERNAL_DOWNLOADS]: Fetches and installs the
@membranehq/clipackage from the NPM registry, which is the official tool provided by the vendor for interacting with their platform. - [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by processing user-supplied intents and JSON inputs to interact with external services.
- Ingestion points: SKILL.md (arguments for
membrane action listandmembrane action runcommands) - Boundary markers: Absent
- Capability inventory: Subprocess execution of the
membraneCLI across several operational scripts - Sanitization: Not explicitly defined in the skill; sanitization is handled by the Membrane CLI and its server-side infrastructure.
- [SAFE]: The skill follows security best practices by instructing the agent to never ask for or store API keys locally, delegating credential management to a secure external platform.
Audit Metadata