worksnaps
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally via NPM. This is a vendor-owned package used for the skill's core functionality.
- [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to search for connectors, manage connections, and execute API actions. These commands are executed locally to facilitate the integration.
- [DATA_EXFILTRATION]: The skill communicates with the Worksnaps API through a managed proxy. It explicitly advises against manual handling of API keys or tokens, leveraging the platform's internal credential management to enhance security.
- [PROMPT_INJECTION]: The skill processes external data from Worksnaps (such as project and user information). While this introduces a surface for indirect prompt injection if the external data contains instructions, it is an inherent risk of API integrations and no specific malicious patterns were identified.
Audit Metadata