flexmail

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package globally from the npm registry. This is the official command-line tool provided by the vendor (Membrane) to facilitate the integration and is a standard requirement for using their services.
  • [COMMAND_EXECUTION]: The instructions utilize various shell commands via the membrane CLI, such as membrane login, membrane connect, and membrane action run. These commands are used to authenticate the agent, establish a connection to Flexmail, and execute marketing actions like listing contacts or creating webhooks.
  • [DATA_EXPOSURE]: While the skill interacts with sensitive marketing information (contacts, campaigns, and SMS messages), it implements a secure architecture by leveraging a connection manager. This avoids hardcoding secrets or requiring the user to handle raw API keys locally, as authentication is managed server-side.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 09:12 PM
Security Audit — agent-trust-hub — flexmail