flexmail
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the
@membranehq/clipackage globally from the npm registry. This is the official command-line tool provided by the vendor (Membrane) to facilitate the integration and is a standard requirement for using their services. - [COMMAND_EXECUTION]: The instructions utilize various shell commands via the
membraneCLI, such asmembrane login,membrane connect, andmembrane action run. These commands are used to authenticate the agent, establish a connection to Flexmail, and execute marketing actions like listing contacts or creating webhooks. - [DATA_EXPOSURE]: While the skill interacts with sensitive marketing information (contacts, campaigns, and SMS messages), it implements a secure architecture by leveraging a connection manager. This avoids hardcoding secrets or requiring the user to handle raw API keys locally, as authentication is managed server-side.
Audit Metadata