onelogin
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official NPM registry. This is a documented vendor tool used to facilitate communication between the agent and the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI for various operations such as authentication, listing actions, and running API requests. These commands are restricted to the functionality of the managed platform and are necessary for the skill's primary purpose.
- [DATA_EXFILTRATION]: While the skill manages sensitive identity data from OneLogin, it follows secure practices by ensuring that credentials (like API keys) are managed server-side by Membrane, preventing exposure in the local environment.
- [PROMPT_INJECTION]: The skill ingests data from OneLogin (e.g., users, events, reports) which could potentially contain instructions from untrusted sources. Evidence: 1. Ingestion points: Output from membrane action run and membrane request. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via membrane CLI. 4. Sanitization: Not explicitly defined. This ingestion is standard for such an integration and is considered a low-risk vulnerability surface.
Audit Metadata