signrequest
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the @membranehq/cli package via npm. This is a legitimate utility provided by the vendor for platform interaction.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform authenticated operations such as connecting to SignRequest, searching for actions, and executing API requests. These commands are consistent with the intended use case.
- [NO_CODE]: There are no scripts or executable files provided with this skill. It functions solely as a set of instructions for the agent to use the Membrane CLI tool.
- [SAFE]: No malicious patterns, obfuscation, or sensitive data exposures were identified. The use of a proxy for API requests prevents the need for local storage of credentials.
- [SAFE]: The skill possesses a data ingestion surface through API command outputs (Category 8 surface analysis).
- Ingestion points: Command results from membrane action run and membrane request (SKILL.md).
- Boundary markers: None identified.
- Capability inventory: Shell command execution via the membrane CLI (SKILL.md).
- Sanitization: Not specified in the documentation.
Audit Metadata