sofort
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@membranehq/cliNode.js package, which is installed from the official npm registry. This is a vendor-owned tool required for the skill to communicate with the SOFORT service through the Membrane platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform legitimate operations such as user authentication, connection management, and action execution. These commands are standard for the tool's intended use case. - [SAFE]: The skill follows security best practices by delegating secret management to a centralized service, specifically instructing the user not to handle raw API keys. No evidence of prompt injection, obfuscation, or malicious data handling was found.
Audit Metadata