apploi
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, such as obfuscation, persistence mechanisms, or unauthorized data access, were detected in the skill instructions. The skill serves as a legitimate integration guide for the Apploi service.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the `@membranehq/cli` package from the NPM registry. This is a vendor-owned resource belonging to the skill's author and is required for the integration's functionality.
- [COMMAND_EXECUTION]: The skill utilizes the `membrane` CLI to perform actions and requests. These commands are used for authenticated API interaction and do not involve the execution of arbitrary or dangerous system commands.
- [CREDENTIALS_UNSAFE]: The skill correctly directs users to use Membrane's connection system for authentication, which handles credential lifecycle and refresh server-side, preventing the exposure of API keys in the local environment.
- [PROMPT_INJECTION]: While the skill interacts with external data (e.g., job descriptions, candidate notes), which constitutes an indirect injection surface, this is inherent to the skill's primary purpose and no specific vulnerabilities were found.
  1. Ingestion points: Data from Apploi via `membrane action run` and `membrane request`.
  2. Boundary markers: No specific delimiters are defined in the examples.
  3. Capability inventory: Authenticated API requests and actions.
  4. Sanitization: Not explicitly mentioned in the CLI usage guide.
Audit Metadata