degreed
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the public NPM registry. This is a verified tool belonging to the skill's vendor and is necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill provides instructions to execute various
membraneCLI commands for logging in, creating connections, and running actions. These commands are the intended way to interact with the platform and do not perform unauthorized operations. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses the Membrane platform to handle authentication and credential management server-side. This follows best practices by ensuring that no sensitive API keys or tokens are handled directly by the agent or stored in local configuration files.
- [INDIRECT_PROMPT_INJECTION]: The skill interacts with external learning data from Degreed and accepts natural language 'intents' for action discovery. While this represents a data ingestion surface, it is a standard functional requirement and the capabilities are scoped to the Degreed API actions authorized by the user.
Audit Metadata