navigatr
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This package is the primary interface for interacting with the vendor's automation platform. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility to perform operations such as authentication, listing connections, and running actions. These are standard administrative and operational tasks for this type of integration. - [DATA_EXFILTRATION]: The skill facilitates data movement between Navigatr and the agent via the Membrane service. It correctly advises against local secret storage, instead using a connection-based model where the vendor manages authentication lifecycle server-side.
- [PROMPT_INJECTION]: As the skill ingests data from external APIs (Navigatr) through its action runner, it contains an inherent surface for indirect prompt injection. However, this is expected behavior for an automation tool, and the skill includes instructions to use structured JSON output to mitigate parsing ambiguities.
Audit Metadata