cody
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to execute
membraneCLI commands to perform operations such as searching for connectors, establishing connections, and running specific Cody actions. - [EXTERNAL_DOWNLOADS]: The setup process involves installing the
@membranehq/clipackage from the npm registry, which is a common practice for platform-specific integrations and originates from the same author as the skill. - [PROMPT_INJECTION]: The skill possesses the capability to ingest untrusted data from external sources, specifically when creating documents from webpage URLs or listing messages. This represents a potential surface for indirect prompt injection, although the skill's design encourages the use of managed actions which typically incorporate safer handling than raw API calls.
Audit Metadata