mctime
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands using the `membrane` CLI tool to manage time tracking data, connections, and API requests.
- [EXTERNAL_DOWNLOADS]: Installs the `@membranehq/cli` package from the official NPM registry, which is a resource provided by the skill author.
- [PROMPT_INJECTION]: Ingests and processes structured data from the McTime API, which could potentially contain indirect instructions.
  - Ingestion points: Data returned from `membrane action list` and `membrane connection list` commands.
  - Boundary markers: Not present for command outputs.
  - Capability inventory: Execution of shell commands and network proxy requests via `membrane action run` and `membrane request`.
  - Sanitization: No explicit sanitization or validation of external API response content is documented.
Audit Metadata