yoco
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the '@membranehq/cli' package from the npm registry. This is an official vendor tool from 'membranedev' used to facilitate the integration and manage authentication.
- [COMMAND_EXECUTION]: The instructions involve executing 'membrane' CLI commands to search for connectors, authenticate accounts, and run API actions. These operations are scoped to the intended functionality of managing Yoco data through the Membrane platform.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill uses a secure proxy mechanism ('membrane request') to interact with the Yoco API, which handles credential management server-side to prevent local secret exposure.
- [PROMPT_INJECTION]: The skill contains no malicious instructions aimed at bypassing AI safety guardrails or overriding system prompts.
Audit Metadata