statuscake
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official npm registry. This is a vendor-provided tool required for the skill's functionality. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to perform authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These operations are consistent with the skill's primary purpose of providing a StatusCake integration. - [DATA_EXFILTRATION]: No malicious network operations or sensitive data access patterns were detected. The skill specifically advises against asking users for secrets or API keys, delegating credential management to the Membrane platform instead.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources (StatusCake API results) and includes capabilities for dynamic action creation.
- Ingestion points: Data enters the context via
membrane action runandmembrane action listoutputs. - Boundary markers: None explicitly defined in the instructions for segmenting tool output.
- Capability inventory: Command execution via
membraneCLI, including the ability to create new actions. - Sanitization: Standard platform-level sanitization is assumed; no manual sanitization steps are provided in the instructions.
- [DYNAMIC_EXECUTION]: The
membrane action createcommand allows the agent to define new logic dynamically on the platform. This is a core feature of the vendor's architecture and is documented as the intended way to extend functionality.
Audit Metadata