hootsuite
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Membrane CLI to interact with the Hootsuite API. It provides commands for discovering actions, running predefined actions, and making direct API requests through a proxy. This is the primary method of operation and relies on the installed CLI tool.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This package is the official command-line interface for the Membrane platform, which the skill integrates with.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill adheres to security best practices by using an OAuth-based login flow managed by the Membrane platform, ensuring that tokens are handled securely and refreshed automatically.
- [PROMPT_INJECTION]: The skill processes external data from Hootsuite messages and profiles and has the capability to run CLI actions and API requests. No boundary markers or explicit sanitization logic are defined in the instructions, creating a surface for potential indirect prompt injection from untrusted social media content.
Audit Metadata