time-doctor
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from npm. This is the official command-line interface for the service provided by the skill author. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform various tasks such as authentication (membrane login), connecting to Time Doctor (membrane connect), and executing API actions (membrane action run). These are standard operations for the service's functionality. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. The skill explicitly advises using Membrane to handle authentication to avoid exposing raw API keys or tokens in the local environment.
- [PROMPT_INJECTION]: While the skill interacts with external data from Time Doctor which could theoretically contain malicious instructions (Indirect Prompt Injection), there are no specific unsafe interpolation patterns detected. The skill follows a structured approach to action discovery and execution.
Audit Metadata