duffel
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI (
@membranehq/cli) from the official npm registry. This is a legitimate dependency provided by the vendor for platform interaction. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations such as authentication, connection management, and action execution. These commands are documented and align with the skill's purpose of automating Duffel workflows. - [DATA_EXFILTRATION]: The skill follows security best practices by explicitly instructing the agent not to ask for or store API keys locally, instead relying on the platform's connection management system to handle credentials securely.
Audit Metadata