sailthru
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This is the standard command-line interface provided by the vendor for interacting with their service. - [COMMAND_EXECUTION]: The skill uses local shell commands (
membrane login,membrane connect,membrane action run) to manage the integration. These commands are part of the official vendor toolkit and are used as intended for service orchestration. - [CREDENTIALS_UNSAFE]: The skill demonstrates a strong security posture by explicitly stating that users should never be asked for API keys or tokens. Instead, it uses a connection-based model where credentials are managed server-side by the Membrane platform.
- [INDIRECT_PROMPT_INJECTION]: The skill involves processing data from external actions (
membrane action run). While this represents a data ingestion surface, the skill is a standard integration tool and does not exhibit high-risk autonomous behavior or lack of oversight that would escalate the concern beyond a baseline risk factor.
Audit Metadata