mail-blaze
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via npm. This is a vendor-owned resource used to facilitate communication with the Membrane platform and is considered safe within the context of this skill.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for authentication, connection management, and running actions. These operations are standard for the platform's functionality and do not exhibit suspicious behavior.
- [DATA_EXFILTRATION]: The skill provides an interface to read and write data from Mail Blaze (emails, contacts, etc.). While this introduces a potential surface for indirect prompt injection from external email content, the skill appropriately delegates credential management to the Membrane platform, reducing the risk of secret exposure.
Audit Metadata