woodpeckerco
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI via npm (
@membranehq/cli@latest). As the skill is authored by the same vendor, this is considered a legitimate and expected installation of platform-specific tooling. - [COMMAND_EXECUTION]: The integration logic relies on executing
membraneCLI commands to manage connections and run actions. These commands are used according to standard platform patterns for discovery and execution, with no evidence of shell injection or malicious command piping. - [SAFE]: There is a discrepancy between the skill's description (Woodpecker.co sales platform) and the provided documentation link (Woodpecker CI). This appears to be a metadata error rather than a malicious attempt at deception, as the core functionality remains tied to the official Membrane connector.
Audit Metadata