knack
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package via npm, which is the official command-line interface for the Membrane platform.
- [COMMAND_EXECUTION]: Employs the membrane CLI tool to manage Knack connections and execute actions. This is the primary method of interaction and is used according to the vendor's specifications.
- [PROMPT_INJECTION]: Indirect prompt injection risk analysis: Ingestion points: Knack record data accessed via get-record, list-records, and request commands in SKILL.md. Boundary markers: None present. Capability inventory: Command execution via membrane action run and membrane request in SKILL.md. Sanitization: None explicitly defined. This is a standard data ingestion surface for this type of integration and no malicious content or bypass attempts were detected.
- [SAFE]: No evidence of malicious behavior, obfuscation, or unauthorized data access was found. Authentication and credential management are securely handled by the Membrane platform.
Audit Metadata