sellhack
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (
@membranehq/cli) via npm. This is the official tool provided by the vendor for interacting with their platform and is considered a safe dependency within the context of the skill's purpose. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against asking users for API keys or tokens. Instead, it uses the
membrane connectworkflow, which manages authentication server-side without exposing secrets in the local environment. - [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI (
membrane) to perform actions such as searching for connectors, connecting to services, and running API actions. These commands are part of the intended integration logic and do not involve arbitrary or dangerous shell execution. - [DATA_EXFILTRATION]: No patterns for sensitive data exfiltration were detected. The skill interacts with the SellHack API through a managed proxy that handles authentication headers securely.
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were found in the instructions or metadata.
Audit Metadata