knorish
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior is consistent with its stated purpose of providing a CLI-based integration for the Knorish platform.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clifrom the official NPM registry. As this is the official tool provided by the vendor (membranedev), this download is considered safe and standard for the integration. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as listing and running actions. These commands are transparently documented and do not involve the execution of arbitrary or hidden scripts. - [CREDENTIALS_UNSAFE]: The skill follows recommended security practices by using the vendor's connection management system. It specifically instructs the agent not to ask for user secrets and instead handles authentication through the platform's secure server-side lifecycle.
- [SAFE]: Regarding indirect prompt injection surfaces, while the skill processes external data (outputs from the Knorish API), it does so through the vendor's managed action system. The ingestion points are bounded to the
membraneCLI environment, and no high-privilege capabilities are exposed to raw external data strings.
Audit Metadata