cradlepoint
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is a scoped package belonging to the skill's authoring organization and is the primary tool for the integration. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility to authenticate, manage connections, and execute actions. These operations are restricted to the functionality provided by the vendor's platform. - [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were detected. Authentication is handled server-side by the Membrane platform, and the skill explicitly advises against asking users for API keys.
- [PROMPT_INJECTION]: No evidence of prompt injection, role-play overrides, or system prompt extraction was found in the instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the Cradlepoint API through the
membrane action runcommand. This represents a potential indirect injection surface where external data enters the agent's context, but this is consistent with the skill's primary purpose of data integration.
Audit Metadata