mercury
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage globally via npm. This package is the official tool for the Membrane platform (owned by the skill author) and is used to manage the integration workflow. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands through the
membranetool to handle authentication, connection management, and the execution of API actions. These operations are restricted to the functionality provided by the vendor's CLI. - [CREDENTIALS_UNSAFE]: The instructions explicitly follow best practices by advising the agent never to request raw API keys or tokens from the user, instead delegating all credential management to the platform's server-side connection handling.
- [SAFE]: The skill's documentation contains a link to the Mercury Web Parser (by Postlight) while describing banking actions for Mercury.com. This is identified as a benign documentation error rather than a malicious deception.
Audit Metadata