identitycheck
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official @membranehq/cli for interacting with the IdentityCheck API. This is a vendor-owned tool that provides a secure interface for the agent to perform tasks.
- [CREDENTIALS_UNSAFE]: The skill manages authentication through the membrane login flow, which keeps sensitive tokens within the platform's secure environment. It explicitly advises the agent against requesting API keys or tokens from the user, preventing credential exposure.
- [COMMAND_EXECUTION]: Shell commands are used to execute the membrane CLI for specific actions like listing connections or running verification checks. These commands are scoped to the skill's purpose and do not exhibit signs of arbitrary command injection.
- [DATA_EXFILTRATION]: No unauthorized network operations or patterns of data exfiltration were detected. All data movement is confined to the authenticated IdentityCheck and Membrane infrastructure.
- [SAFE]: The skill processes data from external IdentityCheck actions, which is a standard surface for indirect prompt injection. However, it uses structured schemas and managed connections that minimize the risk of malicious content influencing the agent's behavior.
Audit Metadata