yardstik
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official Membrane CLI (
@membranehq/cli) for authentication and API interaction. This is a vendor-owned tool and its use is consistent with the skill's stated purpose. - [SAFE]: Authentication is handled through the
membrane logincommand, which avoids the need to store or handle raw API keys or secrets directly within the skill or the agent's environment. - [SAFE]: Network operations are conducted through the Membrane CLI and its proxy service, which manages the secure injection of credentials and headers for communication with the Yardstik API.
- [SAFE]: No evidence of prompt injection, obfuscation, data exfiltration, or unauthorized persistence mechanisms was found.
Audit Metadata