thru
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI to interact with the Thru platform. These commands are used for legitimate integration tasks such as connecting to services, searching for actions, and executing workflows. - [EXTERNAL_DOWNLOADS]: The skill relies on the
@membranehq/cliNPM package. This is the official tool provided by the vendor (Membrane) and is required for the skill to function as intended. - [DATA_EXFILTRATION]: The skill is designed to prevent data exposure by delegating authentication to the Membrane platform. It explicitly instructs the agent not to request or handle sensitive API keys or tokens locally.
- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it processes data retrieved from the external Thru platform. While no malicious patterns were detected in the instructions themselves, the agent should treat external data as untrusted content.
Audit Metadata