goodbits
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official @membranehq/cli to manage authentication and execute actions, ensuring that API keys and secrets are never stored locally or exposed in plain text.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from npm (@membranehq/cli), which is a legitimate tool provided by the vendor membranedev.
- [COMMAND_EXECUTION]: The instructions involve running membrane CLI commands to interact with the Goodbits API; these are standard operations for the platform and are scoped to user-initiated tasks.
- [SAFE]: Regarding indirect prompt injection risks: (1) Ingestion points: Data is pulled from Goodbits analytics and email lists (SKILL.md); (2) Boundary markers: No specific delimiters are mentioned; (3) Capability inventory: The skill uses membrane action run and membrane request (SKILL.md); (4) Sanitization: The Membrane platform acts as an intermediary, reducing the risk of direct command injection. No malicious patterns were identified in the data handling logic.