followup
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is a standard requirement for interacting with the Membrane ecosystem and the package originates from the platform's official registry. - [COMMAND_EXECUTION]: The skill utilizes specific shell commands to interact with the Membrane CLI tool. These commands are scoped to authentication (
login), connection management (connect), and executing predefined API actions (action run), which is consistent with its stated purpose of CRM integration. - [CREDENTIALS_UNSAFE]: The skill implements secure credential handling by explicitly advising against asking for or storing API keys locally. Instead, it uses Membrane's connection system to handle authentication and token refreshes server-side.
- [DATA_EXFILTRATION]: Network operations are conducted via a proxy (
membrane request), which ensures that authentication headers are injected securely by the platform rather than handled by the agent directly.
Audit Metadata