podium
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry, which is a verified vendor resource for the author membranedev.
- [SAFE]: Credential management is handled server-side by the Membrane platform, ensuring that sensitive API keys or tokens are not stored in the skill or exposed to the agent.
- [SAFE]: No malicious patterns, such as prompt injection, obfuscation, or unauthorized data access, were detected.
- [SAFE]: The skill has an indirect prompt injection surface as it processes data from the Podium API, which is standard for integration skills. Ingestion points: Podium API via membrane request and action run; Boundary markers: None; Capability inventory: execution of membrane CLI commands; Sanitization: Handled by the underlying platform.
Audit Metadata