fenergo
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official npm registry. This is the legitimate command-line interface provided by the vendor (membrane) for managing integrations.\n- [COMMAND_EXECUTION]: The skill utilizes themembraneCLI to perform authentication, manage connections, and execute actions. These operations are restricted to the scope of the Membrane platform and are necessary for the skill's primary function.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing data returned from Fenergo actions via themembrane action runcommand. This represents a risk factor where content from the external API could potentially influence agent behavior, although no malicious use is present in the static instructions.
Audit Metadata