dyspatch
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a standard requirement for using the vendor's platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as logging in, connecting to services, and executing actions. These commands are restricted to the functionality provided by the Membrane platform. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing Membrane's built-in connection management which handles OAuth and token refreshes server-side.
- [INDIRECT_PROMPT_INJECTION]: As the skill retrieves and processes data from external actions (Dyspatch), there is a theoretical surface for indirect prompt injection if the processed content contains malicious instructions. However, this is a standard risk for any API integration tool and no specific bypass patterns were detected.
Audit Metadata