journeyfront
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool globally via npm (
@membranehq/cli). This is a legitimate tool provided by the skill's author to facilitate secure interactions with the Journeyfront API. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions, list connections, and proxy API requests. These commands are part of the intended functionality for data management and workflow automation. - [DATA_EXFILTRATION]: While the skill performs network operations to interact with Journeyfront, it explicitly discourages the collection of raw API keys and uses a managed connection system, which is a defensive measure against credential theft.
- [PROMPT_INJECTION]: The skill processes data returned from the Journeyfront API via CLI actions. While this represents a surface for indirect prompt injection if the external data contains malicious instructions, the risk is mitigated by the structured nature of the JSON responses and the agent's typical instruction following limits.
Audit Metadata