timewax
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions include the installation of the
@membranehq/clipackage from the NPM registry. This is the official tool provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The skill uses several CLI commands (e.g.,
membrane login,membrane connect,membrane action run) to interact with the Timewax API. These commands are the intended way to facilitate the integration and do not involve arbitrary or dangerous shell execution. - [DATA_EXFILTRATION]: No unauthorized data transfer or credential harvesting patterns were detected. The skill specifically advises against asking users for API keys, instead utilizing Membrane's server-side authentication management.
- [PROMPT_INJECTION]: The instructions do not contain attempts to override system prompts or bypass safety guidelines. The provided metadata and descriptions are consistent with the skill's resource planning functionality.
Audit Metadata