treasury-prime
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the official registry using
npm install -g @membranehq/cli. This is a vendor-owned package used for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill provides numerous CLI commands for the agent to execute, including
membrane login,membrane connect, andmembrane action run. These commands are used to interact with the Treasury Prime API via the vendor's platform. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or API keys were detected. The skill specifically instructs the agent and user to use the platform's connection system to handle authentication server-side, which is a recommended security practice.
- [DATA_EXFILTRATION]: While the skill facilitates data retrieval from Treasury Prime, it does so through authenticated requests via the
membraneCLI, which is consistent with the skill's stated purpose of managing banking data.
Audit Metadata