soax
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages authentication and API calls through the Membrane CLI and platform, which is the intended behavior for this vendor's integrations.
- [COMMAND_EXECUTION]: The skill requires the installation and use of the
@membranehq/clitool. These commands are standard for the platform's workflow and do not include suspicious or obfuscated parameters. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly advises against asking the user for API keys or tokens, delegating credential management to the Membrane service, which reduces the risk of credential exposure.
- [METADATA_POISONING]: There is a minor inconsistency in the YAML frontmatter description (referencing CRM entities like Deals and Leads) while the body describes a proxy service. This appears to be a documentation artifact and does not present a security risk.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized remote code execution patterns were detected.
Audit Metadata