thoughtful-gpt
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is an official tool from the vendor (membranedev) used for managing API connections. - [COMMAND_EXECUTION]: The skill uses standard CLI commands (
membrane login,membrane action run,membrane request) to interact with the Thoughtful GPT API through the Membrane proxy. These operations are intended for the skill's primary purpose and do not show signs of malicious command injection or unauthorized access. - [CREDENTIALS_UNSAFE]: The instructions follow secure practices by advising users to let the Membrane platform handle authentication and credential refresh, explicitly discouraging the manual input of API keys or secrets.
Audit Metadata