chef
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the public NPM registry. This is the official tool provided by the vendor for managing integrations.
- [COMMAND_EXECUTION]: The skill uses various shell commands to interact with the Membrane CLI, including membrane login, membrane connect, and membrane action run. These commands are used to facilitate infrastructure automation through the platform.
- [CREDENTIALS_SAFE]: The skill explicitly instructs the agent to avoid requesting or handling raw API keys or secrets directly, instead leveraging the platform's server-side connection management to handle the authentication lifecycle securely.
- [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes natural language intents and inputs to discover or execute actions. However, it incorporates these as standard operational parameters for the integration platform.
Audit Metadata