timebuzzer
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry, which is the standard tool for the vendor's ecosystem. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to handle login, connection management, and running API actions. - [INDIRECT_PROMPT_INJECTION]: The skill interacts with external data from the TimeBuzzer API which could contain untrusted content.
- Ingestion points: Data retrieved from TimeBuzzer tasks, reports, and user entities via the CLI or proxy requests.
- Boundary markers: Not present in the current instructions.
- Capability inventory: Shell command execution and proxied network requests via the
membranetool. - Sanitization: The skill relies on the agent's default processing of CLI output without additional validation layers.
Audit Metadata