jenkins-x
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via NPM. This is the official command-line interface for the Membrane platform and is hosted on the standard public registry. - [COMMAND_EXECUTION]: Instructions include several shell commands for the
membraneCLI to handle authentication, connection management, and running CI/CD actions. These are legitimate operations for the skill's stated purpose. - [CREDENTIALS_UNSAFE]: The documentation includes a specific security advisory to never ask users for raw API keys or tokens, instead utilizing a server-side authentication lifecycle that minimizes local secret exposure.
Audit Metadata