databowl
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This is a vendor-owned resource used for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill uses shell commands via the Membrane CLI (e.g.,
membrane login,membrane action run) to interact with the Databowl service. These operations are restricted to the scope of the integration and do not involve unauthorized system access. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network operations are directed to the vendor's official domain (
getmembrane.com) for the purpose of managing Databowl records. - [PROMPT_INJECTION]: The instructions do not contain any patterns typical of prompt injection or attempts to bypass agent safety guidelines.
- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets. It explicitly advises against asking users for API keys, instead using an automated OAuth/connection flow managed by the Membrane platform.
Audit Metadata