veracode
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the Membrane CLI package
@membranehq/clifrom the public npm registry. This is a standard dependency for the skill's stated purpose of managing Veracode data via the Membrane platform. - [COMMAND_EXECUTION]: Uses the
membranecommand-line utility to perform actions such as logging in, searching for connectors, and executing API requests. These commands are localized to the vendor's toolset and align with the skill's administrative functions. - [SAFE]: No malicious patterns such as prompt injection, credential theft, or unauthorized data exfiltration were detected. The skill explicitly advises using the platform's connection manager rather than handling raw credentials locally.
Audit Metadata