statusio
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool globally via NPM (
@membranehq/cli@latest) and utilizesnpxfor discovery tasks. These resources originate from the skill's official vendor infrastructure. - [COMMAND_EXECUTION]: The skill uses shell commands to authenticate (
membrane login), manage connections (membrane connect), and execute remote actions (membrane action run). Authentication is handled via a secure OAUTH-style flow that directs users to a browser, avoiding local credential exposure. - [DYNAMIC_EXECUTION]: The skill includes a feature to dynamically create new actions (
membrane action create) if existing ones do not meet requirements. This process occurs within the Membrane platform's managed environment. - [INDIRECT_PROMPT_INJECTION]: The skill discovers available actions by querying the Membrane registry (
membrane action list). While this introduces a remote data ingestion surface, the risk is mitigated by the platform's focus on structured action schemas and the inherent safety controls of the vendor's managed registry.
Audit Metadata