lookml
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs and runs the `@membranehq/cli` package from the NPM registry, which is the vendor's official tool for platform integration.
- [COMMAND_EXECUTION]: The skill utilizes various `membrane` CLI commands to manage connections and interact with LookML data models via shell execution.
- [PROMPT_INJECTION]: The skill processes external data, creating an indirect prompt injection surface. Ingestion points: Data enters the context via `membrane action run` and `membrane request` commands in SKILL.md; Boundary markers: None identified in the instructions; Capability inventory: The skill can execute shell commands and perform network requests via the CLI; Sanitization: No specific sanitization or filtering of API responses is mentioned.
- [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential handling by advising against user-provided secrets and utilizing a managed authentication flow.
Audit Metadata