purple-dot
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally from the NPM registry. This is a standard installation procedure for the vendor's command-line interface.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands through the `membrane` CLI to log in, connect to services, and run actions. These operations are limited to the scope of the Membrane platform.
- [REMOTE_CODE_EXECUTION]: The `membrane action create` command allows the agent to generate new functionality on the Membrane server based on a natural language description. While this involves dynamic code generation, it occurs within the vendor's managed environment.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly advises against manual credential handling, instructing the agent to use `membrane connect` for OAuth-based authentication. This reduces the risk of credential leakage within the agent's context.
Audit Metadata