docupilot

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official @membranehq/cli package from the npm registry. This is a standard procedure for using the Membrane platform and facilitates secure communication with the service.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane command-line tool to manage sessions, connect to Docupilot, and execute document automation tasks. All commands are limited to the intended functionality of the platform and do not involve privilege escalation or obfuscated execution.
  • [CREDENTIALS_UNSAFE]: The instructions include a 'Best practices' section that explicitly advises against hardcoding or requesting API keys from users, instead utilizing Membrane's server-side connection management for secure authentication.
  • [DATA_EXFILTRATION]: No unauthorized data transfer or sensitive file access was detected. All network communication is performed through the vendor's official CLI tool to the documented Docupilot service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 02:48 AM