flagsmith
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the Membrane CLI (
@membranehq/cli), which is a known vendor resource for this author, to manage interactions with Flagsmith. All sensitive operations, including authentication and proxying API requests, are handled through this CLI, reducing the risk of local credential exposure. - [SAFE]: Instructions explicitly advise against asking users for API keys or tokens, instead directing the use of the
membrane connectworkflow which manages secrets server-side. - [SAFE]: No suspicious patterns such as prompt injection, obfuscation, or unauthorized data exfiltration were detected. The use of global NPM installation for the CLI is standard for this type of integration.
Audit Metadata