purple-sonar
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI (
@membranehq/cli) to interact with the Purple Sonar API. These commands are used for standard integration tasks such as logging in, searching for connectors, and executing actions. - [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from the official NPM registry. This is a vendor-provided tool required for the skill's functionality and is consistent with the author's infrastructure. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by using managed connections. It explicitly instructs users not to provide API keys or tokens, instead delegating credential management to the Membrane platform via a server-side OAuth flow.
Audit Metadata