botpenguin
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli global package via npm, which is the official tool for the vendor infrastructure mentioned in the metadata.
- [COMMAND_EXECUTION]: It uses the membrane command-line tool for authentication, connection management, and executing API actions like listing chats and sending messages.
- [SAFE]: The skill is a standard platform integration. While it ingests external chat data from BotPenguin (creating a theoretical surface for indirect prompt injection), this is central to its documented purpose and no suspicious behavior was found.
Audit Metadata