squadcast
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage via NPM. This is an official tool provided by the vendor (Membrane) to facilitate the integration. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions like searching for connectors, managing connections, and executing Squadcast actions. This is the intended and documented method for using this integration. - [CREDENTIALS_UNSAFE]: The skill explicitly discourages the collection of manual API keys or tokens from users, instead utilizing Membrane's server-side connection management to handle the authentication lifecycle securely.
- [PROMPT_INJECTION]: As the skill retrieves data from external Squadcast incidents (such as notes or tasks), there is a standard surface for indirect prompt injection. While the skill does not currently define specific boundary markers for this data, the risk is inherent to any incident management integration and is mitigated by the platform's standard safety layers.
Audit Metadata