demandware
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is a vendor-provided tool required for the skill's functionality. - [COMMAND_EXECUTION]: Uses various shell commands (e.g.,
membrane login,membrane action run,membrane request) to interact with the Demandware API. These commands are used to manage authentication, discover resources, and perform data operations. - [DATA_EXFILTRATION]: While the skill communicates with external APIs, it does so through the Membrane platform which manages credentials and requests. No patterns of unauthorized sensitive data exfiltration (e.g., harvesting SSH keys or environment variables) were detected.
Audit Metadata