pumble
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the official
@membranehq/clipackage from npm. This is a standard procedure for using the vendor's platform and does not involve untrusted third-party code. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to manage connections and execute Pumble actions. These commands are restricted to the platform's intended integration logic and do not perform unauthorized system modifications. - [CREDENTIALS_UNSAFE]: The skill specifically instructs the agent to avoid requesting API keys or tokens from the user, emphasizing the use of Membrane's managed authentication flow which handles secrets securely on the server side.
Audit Metadata