bouncer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This is a vendor-owned tool required for the skill's operation. - [COMMAND_EXECUTION]: The skill executes various
membraneCLI commands to manage authentication, connections, and service actions. These commands are part of the intended integration workflow. - [DATA_EXPOSURE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing a managed connection system that handles authentication server-side, reducing the risk of local credential exposure.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect instructions through the use of natural language intents and descriptions in commands like
membrane action listandmembrane action create. This is a documented feature of the platform and does not contain malicious patterns in the static instructions.
Audit Metadata