thai-post
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the public NPM registry, which is a standard procedure for this vendor's tooling. - [COMMAND_EXECUTION]: The instructions involve executing
membraneCLI commands to manage connections and run actions related to Thai Post. These operations are scoped to the authenticated user's account and the specific integration. - [CREDENTIALS_UNSAFE]: The skill explicitly adheres to security best practices by instructing the agent to never ask the user for API keys or tokens, instead using managed connections for authentication.
- [DATA_EXFILTRATION]: While the skill processes external tracking and postal data from Thai Post, it does so through a controlled action-running mechanism.
- Ingestion points: Data enters the context via
membrane trackandsearchaction outputs (SKILL.md). - Boundary markers: Absent.
- Capability inventory: Subprocess execution of
membrane action run(SKILL.md). - Sanitization: Not explicitly documented in the markdown body, but the use of structured JSON output (
--json) provides a layer of schema validation.
Audit Metadata