specify
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from NPM and usesnpxto run it. These are official packages provided by the vendor (membrane/membranedev) for interacting with their platform. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to perform tasks such as authentication, listing connections, and executing actions. These commands are part of the intended functionality for the Specify integration. - [DATA_EXPOSURE]: The skill explicitly advises against asking users for API keys or tokens, directing them to use the built-in connection management which handles authentication server-side. This is a positive security practice.
- [INDIRECT_PROMPT_INJECTION]: The skill allows creating and searching for actions based on natural language descriptions (intent). While this involves processing user input, the operations are scoped to the Membrane platform's action discovery and execution environment, which is the primary purpose of the skill.
Audit Metadata