pobuca-connect
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a standard procedure for using the vendor's platform and does not pose a security risk in this context. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI tool to perform actions like searching for connectors, managing connections, and executing API requests. These commands are part of the intended functionality and are used as documented by the service provider. - [DATA_EXPOSURE]: The skill mentions indirect prompt injection as a theoretical risk (Category 8) because it fetches data from external sources (Pobuca Connect API) which is then processed by the agent. However, it explicitly follows best practices by recommending the use of pre-built actions that handle sanitization and by avoiding direct handling of API keys or tokens.
Audit Metadata