qualys
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI tool (@membranehq/cli) from the npm registry, which is a well-known and standard package distribution service.
- [COMMAND_EXECUTION]: The instructions involve executing commands using the membrane CLI for authentication, searching for actions, and running integrations. These commands are necessary for the skill's intended functionality and utilize official vendor tooling.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration was found. The skill documentation explicitly promotes security best practices by advising the agent to never ask users for API keys or tokens, instead delegating authentication to the Membrane platform.
- [DYNAMIC_EXECUTION]: The skill describes a process for dynamically creating actions based on descriptions through the vendor's platform. This is an intended feature of the Membrane integration logic and occurs within the vendor's managed environment.
Audit Metadata