incidentio
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via npm (
@membranehq/cli). This is a tool provided by the skill's author to facilitate platform interactions. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to manage logins, create connections, and list or run actions. These commands are part of the intended workflow for the Membrane ecosystem. - [REMOTE_CODE_EXECUTION]: The skill features a dynamic capability where users can describe a desired action, and the Membrane platform builds it automatically (
membrane action create). While this involves dynamic code generation, it occurs within the vendor's managed environment. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by delegating credential management to the Membrane platform, explicitly advising against asking users for API keys or tokens.
Audit Metadata