kodagpt
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is the official command-line interface provided by the vendor (Membrane) and is required for the skill's core functionality. - [COMMAND_EXECUTION]: Several commands are used to interact with the Membrane CLI (
membrane login,membrane connect,membrane action list,membrane action run). These are standard operations for managing service connections and executing pre-defined actions within the vendor's ecosystem. - [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. The skill specifically advises letting Membrane handle credentials server-side rather than asking the user for API keys, which reduces the risk of secret exposure.
Audit Metadata