rescuetime
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is a vendor-owned resource used for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI tool to perform various operations such as searching for connectors, connecting to services, and running actions. These commands are standard for the platform's functionality. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, directing the agent to use Membrane's managed connection system which handles credentials server-side.
- [PROMPT_INJECTION]: The skill ingests data from the RescueTime API (e.g., reports, activities). While this represents a surface for indirect prompt injection, the risk is managed by the use of structured CLI commands and the platform's proxy system.
Audit Metadata