twist
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from NPM. This is the official CLI for the Membrane platform, owned by the skill's author.
- [COMMAND_EXECUTION]: The skill utilizes membrane CLI commands for authentication and action management, which is the intended method for using this integration.
- [REMOTE_CODE_EXECUTION]: The membrane action create command facilitates dynamic logic generation on the Membrane platform. While this involves code execution, it occurs within the vendor's managed ecosystem as a primary feature.
- [PROMPT_INJECTION]: The skill facilitates processing of messages from Twist, creating an indirect prompt injection surface. Ingestion points: Twist data enters via action output. Boundary markers: None present. Capability inventory: Action execution and creation via CLI. Sanitization: None specified.
Audit Metadata