teamcity
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via NPM. This is the official command-line interface tool provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform authentication (membrane login), establish service connections (membrane connect), and execute build actions (membrane action run). These commands are standard operations for the integration's functionality. - [DATA_EXFILTRATION]: The skill coordinates data exchange between the local agent and the TeamCity server through a third-party service (Membrane). It reduces the risk of credential exposure by explicitly instructing the agent to manage authentication through the service rather than asking the user for raw API tokens or keys.
- [PROMPT_INJECTION]: The skill ingests data from external TeamCity actions. This creates a surface for indirect prompt injection where data from build logs or project metadata could influence agent behavior, though the skill does not include specific unsafe interpolation patterns.
Audit Metadata