pangea
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill instructs the installation of the
@membranehq/clipackage via npm to interface with Pangea. This is a legitimate tool provided by the skill author's organization for secure connection management. - [DATA_EXPOSURE_AND_EXFILTRATION]: The instructions explicitly advise users against sharing or storing API keys locally, instead utilizing a server-side connection model that minimizes the risk of credential exposure.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill ingests data from external Pangea APIs (Audit logs, Intel reputations, etc.) into the agent's context using
membrane action runandmembrane requestcommands. - Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: Shell execution of the
membraneCLI tool for API interaction and connection management. - Sanitization: Not specified; the skill relies on the structured interface of the CLI for data handling.
Audit Metadata