assemblyai
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' package from the npm registry. This is an official tool provided by the vendor to manage the integration.
- [COMMAND_EXECUTION]: The instructions involve executing 'membrane' CLI commands to authenticate users, list connections, and run actions on the AssemblyAI platform.
- [SAFE]: The skill possesses an indirect prompt injection surface due to its ability to process external data. 1. Ingestion points: Audio file URLs provided to the 'create-transcript' action and parameters passed to 'action run'. 2. Boundary markers: The instructions do not specify any delimiters or safety prompts to isolate untrusted input. 3. Capability inventory: The skill can execute transcription, analysis, and management actions via the AssemblyAI API and interact with the local CLI. 4. Sanitization: There is no documentation regarding the validation or filtering of input data before processing.
Audit Metadata