thanksio
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official Membrane CLI (
@membranehq/cli) for all operations. This tool is owned by the skill's author (membranedev) and is used for authenticated interactions with the Thanks.io API. All credentials and authentication tokens are managed server-side by the Membrane platform, which is a secure practice to prevent local credential exposure. - [SAFE]: No malicious patterns such as prompt injection, obfuscation, or data exfiltration were detected. All network operations are directed towards the vendor's own infrastructure (Thanks.io and Membrane).
- [SAFE]: While the skill processes data from an external API (Thanks.io), which is a common surface for indirect prompt injection, it is considered a standard operational risk for integration skills and does not indicate malicious intent. The skill uses structured JSON output for its commands, which facilitates safer data handling.
Audit Metadata