nulab
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official Membrane CLI (
@membranehq/cli), which is installed via the standard NPM registry. This tool is required for the integration to interact with the vendor's platform. - [COMMAND_EXECUTION]: The instructions involve executing commands via the
membraneCLI to manage connections and run actions. These commands are part of the documented workflow for integrating with Nulab and do not exhibit malicious patterns. - [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to let the platform handle authentication and warns against asking the user for API keys or tokens. This is a significant security positive, as it prevents the exposure of sensitive credentials within the agent's memory or logs.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data retrieved from Nulab. However, the risk is mitigated by the use of structured actions and the platform's execution model. No boundary markers were specified, but the overall capability tier for this specific integration is considered low risk.
- [REMOTE_CODE_EXECUTION]: While the
membrane action createcommand dynamically generates integrations on the platform side, this is a core feature of the vendor's service and does not involve arbitrary command execution on the local host.
Audit Metadata