snyk
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
@membranehq/clipackage globally via npm and suggests usingnpx @membranehq/cli@latestfor action discovery. These are standard procedures for utilizing the vendor's command-line tools. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as authentication (membrane login), connection management (membrane connect), and executing API actions (membrane action run). These commands are scoped to the Snyk integration purpose. - [SAFE]: The skill explicitly promotes secure credential handling, instructing the agent to never ask the user for API keys or tokens, relying instead on Membrane's server-side authentication lifecycle.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from the Snyk API (vulnerability reports, project metadata). This is a standard risk for integration skills where external data enters the agent context.
Audit Metadata