Skills
skills/membranedev/application-skills/sonarcloud/Gen Agent Trust Hub

sonarcloud

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the vendor-specific CLI tool using npm install -g @membranehq/cli@latest. This is a standard installation procedure for the Membrane platform.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane command-line tool to perform various tasks, including logging in (membrane login), connecting to services (membrane connect), and running integration actions (membrane action run).
  • [REMOTE_CODE_EXECUTION]: The skill features dynamic action generation through membrane action create, where the platform builds integration logic based on a natural language description. This logic is then executed on the Membrane server-side infrastructure when the action is run.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential management practices by explicitly instructing the agent never to ask for API keys or tokens, instead relying on Membrane's server-side connection management system.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:11 PM
Security Audit — agent-trust-hub — sonarcloud