learndash
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the npm registry. This is a legitimate vendor-owned tool required for the skill to function. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions such as listing courses, enrolling users, and querying the LearnDash API. These commands are used as intended for LMS management and do not exhibit malicious behavior. - [DATA_EXFILTRATION]: The skill interacts with the LearnDash API through a proxy managed by Membrane. While this involves network data transfer, it is the primary purpose of the skill and uses the vendor's secure infrastructure (getmembrane.com).
- [SAFE]: The skill follows security best practices by instructing the user to use a managed connection for authentication rather than hardcoding API keys or secrets.
Audit Metadata