knowfirst
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is the official command-line interface provided by the vendor (Membrane) for managing integrations and secure authentication.- [COMMAND_EXECUTION]: Utilizes themembraneCLI to perform various tasks, including user authentication (membrane login), service connection (membrane connect), and action execution (membrane action run). These commands are standard operations for the tool's intended use-case.- [CREDENTIALS_UNSAFE]: Follows security best practices by explicitly instructing the agent never to request API keys or tokens from the user. Instead, it uses a connection-based model where the platform manages the authentication lifecycle server-side.- [DATA_EXFILTRATION]: The skill performs network operations to interact with KnowFirst and Membrane. All network activity is aligned with the skill's stated purpose of managing SaaS data and uses a secure, managed gateway.
Audit Metadata