datto-autotask
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill adheres to security best practices by using the Membrane platform to manage credentials, ensuring no API keys or sensitive secrets are stored locally or requested from the user.- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry, which is the official tool for interacting with Membrane services.- [COMMAND_EXECUTION]: Employs themembraneCLI to execute tasks such as connecting accounts, searching for actions, and performing API requests through a managed proxy.- [PROMPT_INJECTION]: The skill processes external data from Datto Autotask records, creating a potential surface for indirect prompt injection. Evidence Chain: 1. Ingestion points: Datto Autotask records and API responses (SKILL.md). 2. Boundary markers: None present. 3. Capability inventory: Execution of actions and proxy requests via themembraneCLI (SKILL.md). 4. Sanitization: No sanitization or validation of external data is specified.
Audit Metadata