specific
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the NPM registry and usesnpxto execute tools from the same scope. These are official tools provided by the platform vendor and are necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill relies on shell commands to interact with the Membrane platform, including authentication (
membrane login), connection management (membrane connect), and action execution (membrane action run). These commands are standard for the tool's intended use case. - [PROMPT_INJECTION]: The skill ingests data from external actions and connections (e.g., in
membrane action listormembrane action runoutputs). While the skill lacks explicit boundary markers or sanitization for this data, it is a standard interface for integration skills and does not currently exhibit signs of malicious intent or safety bypasses.
Audit Metadata