gpt-trainer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill uses standard CLI-based interactions with the vendor's official platform.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the official NPM registry, which is a trusted source for the vendor's own tools.
- [COMMAND_EXECUTION]: Uses the `membrane` CLI to perform operations like authentication, action discovery, and execution. These commands are localized to the intended functionality of managing Gpt-trainer resources.
- [PROMPT_INJECTION]: The skill ingests data from the Gpt-trainer platform (e.g., chatbot sessions, messages). While this creates a surface for indirect prompt injection if the ingested data contains malicious instructions, this is a common risk factor for integration skills and is mitigated by the agent's internal safety guardrails.
Audit Metadata