userflow-1
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from npm. This is an official tool provided by the vendor to manage integrations and authentication securely.
- [COMMAND_EXECUTION]: The skill uses the membrane command-line interface to perform actions like authentication, connection management, and running integration logic. These commands are scoped to the intended functionality of the skill.
- [CREDENTIALS_SAFE]: The skill explicitly advises against handling raw API keys or tokens, directing users to use its built-in connection management system. This reduces the risk of credential exposure in logs or environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill accepts natural language descriptions to search for or create actions. While this is a data ingestion surface, the risk is limited as the input is used as a query for the vendor's platform rather than being directly executed as code.
Audit Metadata