kindful
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official npm registry. This is a standard global installation for the developer's provided command-line interface tool. - [COMMAND_EXECUTION]: The skill uses shell commands prefixed with
membraneto perform login operations, manage connections, and execute integration actions. These commands are part of the intended functionality for interacting with the Membrane platform. - [DATA_EXFILTRATION]: The skill manages data retrieval and updates between the user's environment and Kindful via the Membrane service. It explicitly recommends letting the platform handle credentials server-side to avoid local secret exposure.
- [PROMPT_INJECTION]: The skill ingests data from external Kindful actions (such as records and reports). While this represents a surface for indirect prompt injection (ingesting untrusted data), it is handled via structured schemas within the developer's platform environment.
Audit Metadata