yuja
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official npm registry. This is a vendor-owned resource for the 'membranedev' author and is used to manage integrations. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line tool to perform operations such as authentication, listing connections, and executing actions against the YuJa API. These operations are within the scope of the skill's intended functionality. - [DATA_EXFILTRATION]: Provides functionality to send HTTP requests to the YuJa API via the
membrane requestcommand. This uses the vendor's infrastructure to securely manage authentication headers and base URLs. - [PROMPT_INJECTION]: The skill instructions emphasize using pre-built actions and letting the platform handle credentials, which reduces the surface area for common injection or credential theft attacks.
Audit Metadata