bitquery
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This tool is the official CLI for the Membrane platform and is used to manage integrations. - [COMMAND_EXECUTION]: The instructions utilize shell commands such as
membrane loginandmembrane action runto interact with the Bitquery API through the Membrane middleware. These are standard operations for the tool's intended purpose. - [CREDENTIALS_SAFE]: The skill explicitly instructs users to avoid hardcoding API keys or tokens, directing them to use Membrane's server-side connection management. This follows security best practices for credential handling.
- [INDIRECT_PROMPT_INJECTION]: The skill acts as an interface for blockchain data which could potentially contain adversarial content designed to influence the agent.
- Ingestion points: The skill ingests untrusted blockchain data through GraphQL query responses processed by
membrane action run. - Boundary markers: There are no explicit markers or delimiters defined in the instructions to separate data from instructions.
- Capability inventory: The skill has the capability to execute actions on the Membrane platform and create new automated logic.
- Sanitization: No explicit sanitization or filtering of the retrieved blockchain data is mentioned in the skill definition.
Audit Metadata