ongage
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This package is the official tool provided by the skill's author (membranedev) for managing integrations. - [COMMAND_EXECUTION]: The skill relies on executing
membraneCLI commands to perform actions such as authentication, connection management, and running Ongage API tasks. The authentication flow uses a secure login mechanism (membrane login) that avoids storing or requesting raw API keys from the user. - [PROMPT_INJECTION]: The skill features dynamic action discovery and creation (
membrane action create "DESCRIPTION") which uses natural language processing. While this is an ingestion point for potentially untrusted data, it is a core feature of the Membrane platform's abstraction layer and is mitigated by the platform's internal processing and the requirement for user-driven connections.
Audit Metadata