gatherup
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or high-risk security issues were detected. The skill instructions align with standard development practices for platform integrations.
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clitool from the NPM registry. This is a legitimate vendor tool required for the skill to interact with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations such as logging in, creating connections, and running actions. These commands are scoped to the intended functionality of the skill and do not perform unauthorized system modifications. - [DATA_EXFILTRATION]: The skill handles communication with the GatherUp API through the Membrane proxy. It specifically advises against asking users for API keys, utilizing the platform's internal connection system to manage authentication securely.
- [PROMPT_INJECTION]: While the skill involves reading external data (e.g., customer reviews), which is a common vector for indirect prompt injection, it does not include instructions that would cause the agent to deviate from its intended behavior or bypass safety protocols based on that data.
Audit Metadata