elastic-path
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is a vendor-owned package used to facilitate the integration. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform several operations, including user authentication (login), searching for connectors, managing connections, and executing commerce actions. - [DATA_EXFILTRATION]: While the skill communicates with Elastic Path APIs via the Membrane proxy, this behavior is documented and represents the primary intended functionality of the skill. No unauthorized or suspicious exfiltration was detected.
- [CREDENTIALS_UNSAFE]: The skill explicitly advises against hardcoding API keys or secrets, instead instructing the agent to use Membrane's connection management system which handles credentials server-side.
Audit Metadata