pledgeling
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry. This is a legitimate tool provided by the skill's vendor (Membrane) to facilitate platform integrations. - [COMMAND_EXECUTION]: The skill uses various shell commands through the
membraneCLI (e.g.,membrane login,membrane connect,membrane action run) to manage the Pledgeling lifecycle. These commands are restricted to the functionality of the Membrane platform. - [SAFE]: Authentication is handled server-side by Membrane, ensuring that sensitive API keys or OAuth tokens are never exposed within the skill's code or handled directly by the AI agent.
Audit Metadata