userleap
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the official npm registry. This is the legitimate tool for the Membrane platform and follows standard installation patterns. - [COMMAND_EXECUTION]: The skill uses shell commands via the
membraneCLI to manage authentication, search for actions, and execute integrations. These commands are scoped to the functionality of the Membrane platform. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from UserLeap (surveys, feedback) through action results. However, it mitigates this risk by utilizing structured JSON output formats (
--json) and delegating data processing to the platform's defined actions, which provide a layer of abstraction between raw data and agent logic.
Audit Metadata