twikey

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill recommends installing the official Membrane CLI (@membranehq/cli) from npm. This is an expected vendor-owned resource for the service integration.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to manage connections and execute API actions. These operations are restricted to the scope of the Membrane platform.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Specifically instructs the agent not to request or handle user secrets (API keys), instead deferring authentication to Membrane's secure server-side connection management.
  • [INDIRECT_PROMPT_INJECTION]: Ingests data from external API responses via Membrane actions. While this is an entry point for untrusted data, it is the primary purpose of the integration and contains no evidence of malicious instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 02:18 PM