authenticate-com
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing the @membranehq/cli package via npm. This is a tool provided by the vendor for interacting with their platform integration services.
- [COMMAND_EXECUTION]: The skill relies on executing membrane CLI commands to manage authentication and interact with the Authenticate.com API. These operations are the core functionality of the skill.
- [CREDENTIALS_UNSAFE]: The skill documentation correctly identifies the risk of handling API keys and directs the agent to use Membrane's managed connection system, which keeps secrets out of the local environment.
- [PROMPT_INJECTION]: This skill presents a surface for indirect prompt injection as it processes external data from the Authenticate.com API via CLI outputs.
  - Ingestion points: Output from membrane action list and membrane connection list commands.
  - Boundary markers: Commands use the --json flag to ensure structured data is returned for parsing.
  - Capability inventory: Subprocess execution is limited to the membrane CLI tool.
  - Sanitization: The agent is instructed to use structured JSON output which minimizes the risk of executing embedded instructions.
Audit Metadata