hookdeck
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official command-line interface for the Membrane platform, which is owned by the skill's author, and is a standard part of the setup process. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to execute tasks like connecting to services, searching for actions, and running workflows. These commands are restricted to the intended purpose of the integration. - [CREDENTIALS_UNSAFE]: The skill implements a secure authentication model by using
membrane loginandmembrane connect. It specifically instructs the agent never to ask the user for raw API keys or tokens, relying instead on the platform's managed authentication lifecycle. - [DATA_EXFILTRATION]: While the skill interacts with external webhook data via Hookdeck, there are no instructions or patterns that suggest unauthorized data collection or exfiltration to third-party domains.
- [PROMPT_INJECTION]: The skill processes data from Hookdeck (such as events and connection lists). While this presents a potential surface for indirect prompt injection from external webhook payloads, the skill does not contain any instructions that would facilitate the execution of malicious commands embedded in that data.
Audit Metadata