tomtom
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the npm registry. This is the author's official tool for managing integrations.
- [COMMAND_EXECUTION]: Employs the membrane CLI to handle user authentication, manage connection IDs, and execute API actions. These commands are standard for the described integration workflow.
- [SAFE]: The skill follows security best practices by using server-side managed connections instead of requesting or storing raw API keys or tokens locally.
- [PROMPT_INJECTION]: The skill processes data from external TomTom API endpoints. This creates an indirect prompt injection surface where external data could potentially influence agent behavior, though this is a standard risk for any data-integrating skill and is mitigated by the structured use of the CLI.
Audit Metadata