thoughtspot
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the npm registry. This is a vendor-provided tool required to facilitate the integration and authentication process. - [COMMAND_EXECUTION]: The instructions utilize the
membranecommand-line utility to interact with the ThoughtSpot API, including logging in, creating connections, and executing data queries. All command executions are scoped to the primary purpose of the skill. - [CREDENTIALS_UNSAFE]: The skill explicitly adheres to security best practices by advising against the use of hardcoded API keys or tokens, instead utilizing a managed connection system that handles authentication tokens server-side.
Audit Metadata