code-dx
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by using the Membrane platform's connection management, which avoids the need to store or ask the user for sensitive API keys and credentials locally.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the official `@membranehq/cli` package from NPM. This is a verified resource provided by the platform vendor for interacting with their services.
- [DYNAMIC_EXECUTION]: The skill utilizes `membrane action create` to dynamically generate integration logic based on descriptions. While this involves runtime logic generation, it is an intended core feature of the Membrane platform and is managed within the vendor's secure environment.
- [COMMAND_EXECUTION]: All shell commands listed (e.g., `membrane login`, `membrane action list`) are standard operations for the Membrane CLI tool and do not perform suspicious or unauthorized system modifications.
- [PROMPT_INJECTION]: The skill processes user-provided natural language queries through the `--intent` parameter to discover or create actions. This represents an indirect prompt injection surface typical for AI-integrated tools, which is mitigated by the platform's handling of action schemas.
Audit Metadata