heartbeat
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from npm. This is the official command-line interface provided by the vendor to facilitate secure communication with the Membrane platform. - [COMMAND_EXECUTION]: The instructions utilize the
membranecommand-line tool for lifecycle operations such as logging in, creating connections, and executing actions on the Heartbeat service. These commands are necessary for the skill's primary functionality. - [PROMPT_INJECTION]: As the skill interacts with a community platform (Heartbeat) to fetch user-generated content such as threads, documents, and messages, there is an inherent surface for indirect prompt injection. This is a standard risk for integration skills and is mitigated by the skill's reliance on structured tool execution via the Membrane platform.
Audit Metadata