everestcard
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows best practices by using a managed CLI (Membrane) to handle authentication and credentials, preventing the exposure of API keys or secrets.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a verified vendor resource owned by membranedev. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line tool to perform actions like searching for connectors, logging in, and executing API requests. These operations are restricted to the intended functionality of the integration. - [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the Everestcard API via
membrane action runandmembrane request. This creates an ingestion surface for untrusted external data. - Ingestion points: API responses from
membrane requestand action outputs. - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Subprocess execution (via
membraneCLI) and network operations. - Sanitization: Standard LLM-side sanitization is assumed; no specific escaping is implemented in the skill scripts.
Audit Metadata