repliq
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to interact with the RepliQ API using the Membrane CLI, which is a standard integration pattern for this vendor.
- [EXTERNAL_DOWNLOADS]: The skill references the @membranehq/cli npm package. As this package is owned by the vendor 'membranedev', it is treated as a trusted resource for this skill and does not escalate the risk level.
- [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to manage data, such as login, connect, and action run. These actions are aligned with the skill's documented purpose of sales outreach automation.
- [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding secrets and instead uses Membrane's built-in authentication system, ensuring that API keys and tokens are managed securely server-side.
- [PROMPT_INJECTION]: While the skill processes external data from RepliQ which is a potential surface for indirect prompt injection, this is considered a low-risk factor essential to the skill's primary function of data integration.
Audit Metadata