cognito
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing the
@membranehq/clipackage from the npm registry. This is a verified vendor resource used to facilitate integration with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to perform operations such as logging in, creating connections, and executing actions. These commands are part of the intended functionality for managing Cognito data. - [SAFE]: The skill follows security best practices by instructing the agent to never ask the user for API keys or tokens. Instead, it leverages the Membrane platform to manage the authentication lifecycle server-side, preventing the exposure of sensitive credentials in the local environment or agent logs.
Audit Metadata