cuttly
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official command-line tool for the Membrane platform and is a trusted resource from the skill's author. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions like shortening URLs, deleting links, and retrieving analytics. These commands are part of the intended functionality and are executed with user-provided parameters. - [DATA_EXFILTRATION]: Authentication is managed via
membrane loginandmembrane connect, which use a centralized and secure flow. This approach prevents sensitive Cutt.ly API keys from being hardcoded or exposed in the skill's logic. - [PROMPT_INJECTION]: The skill ingests data from Cutt.ly (such as link statistics and metadata). While this constitutes an indirect prompt injection surface, there is no evidence of malicious instructions embedded in the data processing flow.
Audit Metadata