bitbucket
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the '@membranehq/cli' package globally via NPM. This is a vendor-owned resource used for managing the integration and is considered a legitimate dependency.
- [COMMAND_EXECUTION]: The instructions utilize the 'membrane' CLI for authentication (login), connection management, and executing API actions. These commands are part of the core functionality for interacting with the Membrane platform.
- [SAFE]: The skill follows security best practices by delegating credential management and OAuth flows to a dedicated CLI tool and proxy service, ensuring that sensitive tokens are not handled directly within the agent's prompts or local files.
Audit Metadata