thoughtspot

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the official CLI tool from the vendor's NPM scope (@membranehq/cli). This is a standard distribution method for integration tools and targets the official registry.
  • [COMMAND_EXECUTION]: Executes shell commands via the Membrane CLI to manage data connections and run analytics actions. These operations are consistent with the skill's stated purpose of ThoughtSpot integration.
  • [CREDENTIALS_UNSAFE]: Implements secure authentication practices. The skill explicitly instructs the agent to use the platform's connection system and forbids asking users for sensitive tokens or API keys.
  • [SAFE]: The skill ingests external data from ThoughtSpot through the CLI's output. While this provides a surface for data to enter the agent's context (SKILL.md), the skill does not implement any unsafe dynamic execution or high-privilege capabilities that would enable exploitation of this boundary.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:28 PM