crezco

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry. This is the vendor's own tool and is a standard requirement for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill uses several CLI commands (membrane login, membrane connect, membrane action run) to facilitate the integration. These commands are necessary for platform interaction.
  • [SAFE]: The skill implements best practices by instructing the agent not to handle or request user API keys, instead utilizing the platform's secure server-side credential management.
  • [PROMPT_INJECTION]: The 'membrane action create' command allows for dynamic creation of actions based on user-provided descriptions. This constitutes an indirect prompt injection surface where user input (description) defines the resulting integration logic. Capability: membrane action run. Ingestion: description parameter. Sanitization: Handled via the vendor's backend.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:37 PM