workfront
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the npm registry. This is a vendor-controlled tool necessary for the skill's functionality.
- [COMMAND_EXECUTION]: Execution of project management tasks and integration logic is performed via shell commands using the Membrane CLI (e.g., membrane login, membrane action run).
- [DATA_EXPOSURE_AND_EXFILTRATION]: Authentication is managed through a secure server-side flow provided by the vendor, preventing the exposure of hardcoded secrets or local credential storage. The skill explicitly advises against asking users for API keys.
Audit Metadata