salesforce-pardot
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the public npm registry. This is a vendor-owned resource necessary for the skill to communicate with the Membrane platform. - [COMMAND_EXECUTION]: The instructions guide the agent to use the
membranecommand-line tool for authentication, connection management, and data retrieval. These operations are within the scope of the skill's intended purpose. - [REMOTE_CODE_EXECUTION]: Through the
membrane action createcommand, the skill can request the creation of new automation logic on the Membrane servers. This is a platform feature that allows the agent to dynamically extend its capabilities through the vendor's infrastructure. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against manual credential handling and instead using the Membrane platform's server-side authentication management.
Audit Metadata