aylien-news-api
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage via npm. This is the official command-line tool for the Membrane platform, provided by the vendor (membranedev). - [CREDENTIALS_UNSAFE]: The skill demonstrates excellent security hygiene by utilizing Membrane's managed authentication flow. It explicitly advises against requesting API keys or secrets from the user, delegating all credential management and token lifecycles to the Membrane platform server-side.
- [PROMPT_INJECTION]: Risk of indirect prompt injection exists because the skill processes content from the Aylien News API. While no specific malicious patterns were detected in the skill instructions, the agent should treat news article data as untrusted external content.
- Ingestion points: News article data, story content, and metadata retrieved via
membrane action run. - Boundary markers: None identified; the skill processes raw tool output.
- Capability inventory: The agent can execute
membraneCLI commands to perform searches, create actions, and run API calls. - Sanitization: No explicit sanitization of news content is performed before processing.
Audit Metadata