ghost
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions require the installation of the
@membranehq/clipackage via npm. This is the official tool provided by the vendor (membranedev) to facilitate interaction with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform various operations, including authentication (membrane login), connection management (membrane connect), and data manipulation (membrane action run). These commands are standard for the intended integration and operate within the context of the user's authenticated session. - [SAFE]: The skill correctly avoids requesting hardcoded credentials or API keys, instead relying on the Membrane platform to handle OAuth flows and token management server-side. No malicious patterns such as obfuscation, persistence mechanisms, or unauthorized data exfiltration were detected.
Audit Metadata