penta
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official vendor CLI tool
@membranehq/clivia npm. This tool is used for authentication and service orchestration. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line utility to perform actions such as creating connections, searching for API actions, and executing requests against the Penta API. These operations are within the scope of the skill's intended functionality. - [PROMPT_INJECTION]: The skill processes structured data from external API responses (e.g., action schemas). This introduces a potential surface for indirect prompt injection, but the risk is mitigated by the platform's reliance on structured JSON outputs and built-in security guardrails.
Audit Metadata