lean-technologies
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is a legitimate tool provided by the skill author (membranedev) for interacting with their integration platform. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to perform actions, manage connections, and proxy API requests. These commands are standard for the tool's operation and do not involve unauthorized privilege escalation or persistence mechanisms. - [PROMPT_INJECTION]: As with any skill that processes external API data or accepts user-provided input for API parameters (e.g., via the
--inputflag), there is a surface for indirect prompt injection. The skill mitigates this by encouraging the use of pre-built actions and platform-managed proxy requests rather than manual construction of sensitive operations. - [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill explicitly instructs users to let the platform handle authentication and warns against asking for API keys directly.
Audit Metadata