clerk
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is a vendor-owned package (membranedev) used for the platform's core functionality. - [DYNAMIC_EXECUTION]: The skill utilizes
membrane action create, which dynamically generates new API integration logic on the Membrane platform based on natural language descriptions. This is a core feature of the tool and is used to expand the skill's capabilities at runtime. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to interact with the service. These commands are part of the intended integration workflow for managing Clerk data. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from Clerk (e.g., user profiles, organization details) through
membrane action run. - Ingestion points: Data returned from
membrane action runandmembrane action list. - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: The skill can create new actions, run existing actions, and manage connections.
- Sanitization: Not explicitly mentioned; the skill relies on the Membrane platform's internal handling.
Audit Metadata