helpninja
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official Membrane CLI package (
@membranehq/cli) via npm. This is a trusted vendor tool required for the skill's primary functionality. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI to perform authenticated operations, search for actions, and run integration logic. All commands are standard usage for the Membrane ecosystem. - [CREDENTIALS_UNSAFE]: The instructions explicitly follow security best practices by advising the agent never to ask for or handle raw API keys, delegating authentication to the Membrane connection manager.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes data from HelpNinja (customer records, tickets), the attack surface is managed by the Membrane platform's action schemas, and the instructions prioritize discovery of pre-built actions over raw API calls.
Audit Metadata