momo
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official
@membranehq/clipackage from the NPM registry. This is a vendor-owned resource used for its intended purpose of platform integration. - [COMMAND_EXECUTION]: The skill uses shell commands through the
membraneCLI to perform data operations, manage authentication sessions, and execute platform actions. These commands are documented and scoped to the vendor's integration logic. - [DATA_EXFILTRATION]: The skill demonstrates safe credential handling by explicitly directing the agent to use Membrane's server-side authentication flows rather than requesting API keys or sensitive tokens from the user.
- [PROMPT_INJECTION]: The skill ingests data from external actions and records, creating a surface for indirect prompt injection. However, the operations are limited to the vendor's CLI environment.
- Ingestion points: Output from
membrane action listandmembrane action runcommands. - Boundary markers: Absent.
- Capability inventory: Shell command execution via the
membraneCLI. - Sanitization: Absent.
Audit Metadata