go-upc
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Instructs the installation of the
@membranehq/clitool from the npm registry. This is an official utility provided by the platform to manage service integrations. - [COMMAND_EXECUTION]: Uses various shell commands such as
membrane connect,membrane action list, andmembrane action runto interact with external APIs through a managed gateway. - [CREDENTIALS_UNSAFE]: Follows security best practices by explicitly instructing the agent not to request or store user API keys, instead utilizing the platform's server-side connection management.
- [DATA_EXFILTRATION]: No patterns of unauthorized data transfer or sensitive file access were detected. The skill focus is limited to product data lookup based on UPC codes.
Audit Metadata