backlog
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This package is an official tool provided by the vendor to facilitate integrations and is considered a safe dependency for the intended use case. - [COMMAND_EXECUTION]: The documentation includes various command-line examples using the
membraneutility to manage projects and issues in Backlog. These commands are used for standard integration operations and do not show signs of malicious intent or unauthorized privilege escalation. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by directing users to a managed authentication flow (
membrane login) that uses a browser-based OAuth system, avoiding the need for hardcoded secrets or the manual handling of API keys within the instructions.
Audit Metadata