assetsonar
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is a vendor-provided tool used to manage the lifecycle of the integration and is treated as a trusted resource within the vendor's ecosystem. - [COMMAND_EXECUTION]: The skill makes extensive use of the
membraneCLI to perform actions such asmembrane login,membrane connect, andmembrane action run. These commands are standard for this vendor's integrations and are used to interact with the AssetSonar API via a secure proxy. - [DATA_EXFILTRATION]: The skill allows the agent to retrieve asset, software, and user data from AssetSonar. While this involves data leaving the AssetSonar platform, it is the primary intended purpose of the skill and is performed through authenticated requests managed by the Membrane service.
Audit Metadata