goody
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs the Membrane CLI tool to interact with the Goody API. These commands are restricted to managing gift orders, products, and connection states within the vendor's managed environment.
- [EXTERNAL_DOWNLOADS]: The documentation directs users to install the @membranehq/cli package from the official npm registry. This package is owned and maintained by the skill's authoring organization.
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to avoid asking for or storing raw API keys, instead utilizing Membrane's built-in connection handling to manage authentication tokens securely on the server side.
Audit Metadata