circleci
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm to facilitate communication with the vendor's platform. - [COMMAND_EXECUTION]: Utilizes various
membraneCLI subcommands (e.g.,login,connect,action run,request) to perform authentication, discover connectors, and execute CircleCI API operations. - [DATA_EXFILTRATION]: While the skill accesses sensitive CircleCI data such as environment variables and project configurations, this behavior is documented as the primary function of the tool and uses the vendor's own authenticated proxy infrastructure.
Audit Metadata