wachete
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@membranehq/clipackage, which is a verified vendor resource for the Membrane platform. This tool is necessary for the skill's intended functionality of interacting with the Membrane API. - [COMMAND_EXECUTION]: All command execution is scoped to the
membraneCLI tool. These commands are used for standard platform operations such as authentication, connection management, and action execution. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill explicitly follows best practices by using server-side credential management through Membrane connections rather than asking the user for sensitive API keys.
- [PROMPT_INJECTION]: The skill uses natural language 'intents' and 'descriptions' to discover or create actions within the Membrane ecosystem. While this represents a surface for indirect prompt injection, it is the primary intended functionality of the platform, and the risk is mitigated by the platform's own action validation layers.
Audit Metadata