whistic
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI to perform operations such as searching for connectors, managing connections, and executing actions. These commands are standard for the platform and used for their intended purpose.- [EXTERNAL_DOWNLOADS]: The documentation includes instructions to install the@membranehq/clipackage from npm. This package is the official tool provided by the vendor for managing integrations.- [DATA_EXFILTRATION]: While the skill enables data retrieval from Whistic, it uses a secure proxy mechanism (membrane request) that handles authentication and transport. No patterns indicating unauthorized data exfiltration to third-party domains were detected.- [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling patterns were found. The skill explicitly directs the agent and user to use Membrane's connection system to manage authentication tokens server-side.
Audit Metadata