polygon
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user/agent to install the @membranehq/cli package from the NPM registry. This is the official command-line tool provided by the vendor (membranedev/membranehq) for interacting with their platform.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI to manage connections and execute actions. These commands are restricted to the functionality provided by the vendor's platform.
- [CREDENTIALS_UNSAFE]: The skill explicitly adheres to security best practices by instructing the agent to never request API keys or tokens from the user, instead relying on the platform's built-in OAuth and connection management.
- [DATA_EXPOSURE]: This skill provides a surface for indirect prompt injection by interpolating user-provided intents and inputs directly into CLI commands (e.g., membrane action list --intent "QUERY"). While this is a common pattern for such tools, it relies on the underlying CLI and LLM guardrails to prevent command injection or unintended behavior.
Audit Metadata