pendo
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package via NPM. This tool is the primary interface for the vendor's services and is used for authentication and API interaction.
- [COMMAND_EXECUTION]: The skill provides several CLI commands using the membrane binary to search for connectors, manage connections, and execute actions against the Pendo API.
- [PROMPT_INJECTION]: The skill ingests data from Pendo into the agent's context. This is identified as a surface for indirect prompt injection, as the skill processes external data from Pendo APIs that could potentially contain malicious instructions from users of that platform.
Audit Metadata