freshlearn
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package via npm. This is a legitimate global installation of the official command-line tool provided by the vendor (Membrane).
- [COMMAND_EXECUTION]: The skill utilizes shell commands through the `membrane` CLI to perform operations such as authentication, connection management, and action execution. These commands are essential for the skill's functionality and are used as intended by the platform.
- [DATA_EXFILTRATION]: Security is enhanced by the skill's design, which explicitly instructs the agent to avoid asking for API keys or tokens. Instead, it uses a managed connection system where authentication is handled server-side by the vendor.
- [PROMPT_INJECTION]: The skill identifies a theoretical surface for indirect prompt injection as it processes data retrieved from the Freshlearn API.
  - Ingestion points: External data enters the agent context through the output of the `membrane action run` command.
  - Boundary markers: None explicitly defined in the skill instructions.
  - Capability inventory: Includes the ability to list, create, and execute integration actions via the `membrane` CLI.
  - Sanitization: The skill relies on structured JSON output from the CLI to manage data flow.
Audit Metadata