workos
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally from the npm registry. This is the official tool provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The skill uses various subcommands of the
membraneCLI (e.g.,login,connect,action run) to manage integrations. These commands are necessary for the skill's stated purpose of automating workflows via the Membrane platform. - [CREDENTIALS_SAFE]: The skill explicitly advises against asking users for API keys or tokens. Instead, it utilizes a server-side connection model where credentials are managed by the platform, reducing the risk of accidental credential exposure in logs or prompts.
- [DATA_INGESTION_SURFACE]: The skill processes data from WorkOS via the
membrane action runcommand. While this represents a surface for indirect prompt injection from external data, the risk is mitigated by the use of the vendor's managed infrastructure and standard CLI patterns. - Ingestion points: WorkOS records and event data retrieved via
membrane action run. - Boundary markers: Not explicitly defined in the CLI instructions.
- Capability inventory: The skill can execute shell commands (
membraneCLI) and provision new actions (membrane action create). - Sanitization: Relies on the Membrane platform's internal handling of action logic and output schemas.
Audit Metadata