yuki
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official utility provided by the vendor (Membrane) to manage the integration and its dependencies. - [COMMAND_EXECUTION]: The instructions direct the agent to interact with the environment through the
membranecommand-line interface. This includes executing commands for user authentication, connecting to the Yuki service, and performing data operations via actions. - [DATA_EXPOSURE_INDIRECT_INJECTION]: The skill presents an interface for executing actions based on natural language intent and dynamic JSON input. This creates a potential surface where untrusted data (such as content from support tickets) could be interpolated into command arguments. However, the skill leverages the Membrane platform's abstracted action system, which reduces the risk of direct credential or system exposure.
Audit Metadata