typingdna
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via NPM. This is an official utility provided by the skill's author to facilitate interactions with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform various operations, including authentication (membrane login), connection management (membrane connect), and running dynamic actions (membrane action run). These commands are standard for the tool's operation. - [CREDENTIALS_SAFE]: The skill explicitly follows secure credential management practices. It instructs the agent to use the platform's connection system rather than requesting API keys or tokens from the user, ensuring secrets are handled server-side.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect injection as it processes natural language descriptions to create actions and ingest data from TypingDNA. However, this functionality is the primary purpose of the integration, and no specific exploitable patterns were detected.
Audit Metadata