transfi
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official npm registry. This is a vendor-owned tool used for managing platform interactions. - [COMMAND_EXECUTION]: The skill uses shell commands to interact with the TransFi service through the Membrane platform. These commands are used for legitimate data management tasks like listing connections and running actions.
- [DATA_EXFILTRATION]: The skill employs a brokered authentication model where the Membrane platform manages credentials server-side. This prevents sensitive tokens from being stored in the local environment or exposed to the agent.
- [PROMPT_INJECTION]: While the skill processes external data from TransFi and uses natural language descriptions to create actions, it does not contain instructions that bypass agent safety guidelines. Standard risks associated with processing untrusted external data are mitigated by the platform's brokered execution model.
Audit Metadata