linkly
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) globally via NPM. This package is an official tool provided by the vendor for platform interaction and authentication management.\n- [COMMAND_EXECUTION]: The skill utilizes several CLI commands includingmembrane login,membrane search,membrane connect, andmembrane action runto interact with the Linkly API and manage the integration environment.\n- [SAFE]: The skill demonstrates a strong security posture by delegating credential management to the Membrane platform. It explicitly instructs the agent not to request API keys or tokens from users, instead leveraging server-side OAuth flows managed by the CLI.\n- [SAFE]: Indirect Prompt Injection Surface: The skill ingests data from the Linkly API (ingestion points:membrane action runandmembrane requestoutputs mentioned inSKILL.md). While specific boundary markers are not defined, the agent's capabilities are scoped to the vendor-controlled CLI environment (capability inventory:membraneCLI), and the risk is assessed as safe given the primary purpose of the integration.
Audit Metadata