weweb

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @membranehq/cli package from the official NPM registry. This tool is a vendor-provided resource necessary for the skill to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via the membrane CLI to handle authentication, manage connections, and execute actions. These operations are standard for the skill's intended purpose and follow the vendor's official integration path.
  • [CREDENTIALS_UNSAFE]: The skill implements a secure authentication flow using membrane login, which delegates credential management to the vendor's platform. It explicitly advises against requesting or storing sensitive API keys directly, adhering to security best practices.
  • [PROMPT_INJECTION]: The skill ingests data from external WeWeb actions via the CLI. This constitutes an attack surface for indirect prompt injection from untrusted data, which is common in integration skills; however, the use of a managed intermediary platform reduces the risk of direct exploitability.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 01:45 AM