squarespace
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from npm. This is a vendor-provided tool required for the skill to interact with the Squarespace API via the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses various 'membrane' CLI commands to manage the Squarespace integration. These commands are used for logging in, listing connections, searching for actions, and executing them. This is the intended behavior of the skill.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill leverages the Membrane platform to handle authentication and API calls, ensuring that sensitive credentials are not stored locally or exposed in plain text.
- [PROMPT_INJECTION]: The skill ingests data from Squarespace (such as form entries or product details) which represents a potential surface for indirect prompt injection. However, there are no instructions that attempt to bypass safety filters or override agent behavior.
Audit Metadata