encore
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is a vendor-owned resource used for the skill's core functionality. - [COMMAND_EXECUTION]: The skill instructs the agent to execute
membraneCLI commands to authenticate, manage connections, and run actions on the Encore platform. - [CREDENTIALS_UNSAFE]: The instructions explicitly follow security best practices by advising the user to use Membrane's connection system instead of providing raw API keys or tokens.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied natural language queries to search for or create actions. While this is an ingestion surface for external data, it is a standard part of the integration's design and does not present an immediate security risk in this context.
Audit Metadata