surveymonkey
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This tool is provided by the skill's author to manage service integrations. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line interface to perform actions such as logging in, connecting to SurveyMonkey, and executing survey-related tasks. These operations are within the scope of the skill's intended functionality. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. The skill explicitly follows best practices by using managed connections for authentication instead of requesting or storing raw API keys or tokens.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from SurveyMonkey (e.g., survey responses). While this presents a theoretical surface for indirect injection if responses contain malicious instructions, the skill implements a brokered action model via the Membrane platform which helps isolate the execution environment.
Audit Metadata