trackingtime
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the public NPM registry. This is the official CLI tool provided by the vendor (Membrane) to manage integrations. - [COMMAND_EXECUTION]: The skill uses various shell commands via the
membraneCLI (e.g.,membrane login,membrane connect,membrane action run) to interact with the TrackingTime API and manage the integration lifecycle. - [INDIRECT_PROMPT_INJECTION]: The skill features an ingestion point where data from TrackingTime actions is returned to the agent context.
- Ingestion points: External data enters through
membrane action runoutputs described inSKILL.md. - Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: The skill can install packages (
npm install), execute shell commands (membraneCLI), and perform network operations via the Membrane platform. - Sanitization: No specific sanitization or filtering of external data is mentioned in the instructions.
Audit Metadata