dayschedule
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the public NPM registry. This is a standard installation procedure for the vendor's tooling. - [COMMAND_EXECUTION]: The skill uses shell commands to interact with the Membrane CLI for authentication, connection management, and running actions. These commands are part of the intended integration workflow.
- [CREDENTIALS_SAFE]: The skill demonstrates positive security practices by explicitly advising against asking users for API keys. It utilizes the
membrane loginandmembrane connectcommands, which handle authentication and token management server-side, preventing local credential exposure. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface area for indirect injection as it processes data from DaySchedule (such as booking details, user notes, and contact forms).
- Ingestion points: Data enters the context via
membrane action runoutputs from DaySchedule actions. - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: The skill can create, update, and delete DaySchedule resources via the CLI.
- Sanitization: Relies on the underlying Membrane platform and agent's native handling of external data.
Audit Metadata