appsignal
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI package (
@membranehq/cli@latest) from the official npm registry. This is a standard installation procedure for the vendor's own tooling. - [COMMAND_EXECUTION]: The instructions involve running several
membraneCLI commands for authentication, connection management, and executing actions. These are legitimate operations intended for interacting with the Membrane platform. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead using a server-side connection model where Membrane manages the authentication lifecycle. This is a recommended security practice.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from AppSignal (incidents, errors, performance issues) via Membrane actions. While this introduces a surface for indirect prompt injection from external monitor data, it is a standard risk for integration skills and the skill does not grant excessive autonomous capabilities that would escalate the risk.
Audit Metadata