successware21
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI package (
@membranehq/cli@latest) from the public NPM registry. This is a standard installation procedure for the platform and aligns with the vendor's provided identity. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as authentication (membrane login), connection management (membrane connect), and running business actions (membrane action run). These commands are scoped to the Membrane platform's integration logic. - [DATA_EXPOSURE]: The skill follows security best practices by explicitly instructing the agent not to request or handle raw API keys or tokens. Authentication is handled via a secure OAuth-style flow mediated by the CLI and the vendor's infrastructure.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the SuccessWare21 API through the
membrane action runcommand. While this represents a potential surface for indirect prompt injection, it is a standard characteristic of API-based integrations and the skill utilizes the vendor's structured execution environment.
Audit Metadata