drift
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package via npm, which is a verified tool from the skill's author used to facilitate platform interactions.
- [COMMAND_EXECUTION]: The skill leverages the membrane command-line tool to perform Drift-specific operations such as managing contacts, accounts, and conversations. These commands are used for legitimate business logic and do not perform unauthorized system modifications.
- [SAFE]: The skill implements secure credential management by using Membrane's built-in authentication proxy, ensuring that sensitive API keys or tokens are never stored locally or requested from the user. No evidence of prompt injection, obfuscation, or data exfiltration was found.
Audit Metadata