savvycal
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows security best practices by using the Membrane CLI to manage OAuth flows and credential lifecycles. This ensures that sensitive API keys or tokens are not handled directly by the agent or stored in insecure locations.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the NPM registry. This package is the official tool provided by the vendor (membranedev) for interacting with their platform.
- [COMMAND_EXECUTION]: The skill uses shell commands (e.g., `membrane action run`, `membrane request`) to interact with SavvyCal data. These commands are scoped to the intended functionality of the integration.
- [SAFE]: The skill processes data from the SavvyCal API. While this constitutes an indirect prompt injection surface area, the skill's design relies on a structured CLI for data retrieval, which is a common and legitimate pattern for API integrations.
Audit Metadata