groundhogg
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the
@membranehq/clipackage via NPM. This is the official CLI tool provided by the vendor (Membrane) to manage integrations and authentication. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to interact with the GroundHogg API. This includes commands for searching connectors, managing connections, and executing specific CRM actions like listing contacts or creating notes. These commands are restricted to the intended purpose of the skill. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were found. The skill explicitly delegates authentication to the Membrane platform, ensuring that API keys and tokens are managed server-side rather than stored locally.
- [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. The network operations are limited to official GroundHogg API endpoints via the Membrane proxy, which is consistent with the skill's stated purpose.
Audit Metadata