canny
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the vendor's official CLI package (@membranehq/cli) for interacting with the Canny API.
- [COMMAND_EXECUTION]: The skill instructs the user to perform CLI operations for login and action execution. These are standard procedures for the Membrane ecosystem and do not involve suspicious or high-privilege commands.
- [EXTERNAL_DOWNLOADS]: The skill downloads the Membrane CLI from the official NPM registry. This is a trusted source and the package is maintained by the skill's author.
- [PROMPT_INJECTION]: The skill retrieves user-generated content from Canny (posts, comments), which represents a surface for indirect prompt injection. This is an inherent risk of any integration that processes external data and is handled within the context of the agent's data processing instructions.
Audit Metadata