merge-1
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from NPM. This is the official command-line interface for the Membrane platform and is used to manage integrations. - [COMMAND_EXECUTION]: The skill uses shell commands via the
membraneCLI to authenticate, create connections, and execute actions. These are standard operations for interacting with the platform's API. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing Membrane's managed authentication system which handles secrets server-side.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from third-party integrations (Merge), which represents a potential ingestion surface for untrusted data. However, the instructions encourage the use of pre-built actions which typically include platform-level handling for data structures.
Audit Metadata