gameanalytics
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official
@membranehq/clipackage from the NPM registry. This is a vendor-managed tool used for facilitating secure API interaction and authentication management. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI to perform operations such as authentication, searching for integration actions, and executing data queries against the GameAnalytics API. - [PROMPT_INJECTION]: The skill ingests data from external GameAnalytics sources (funnels, cohorts, SQL reports). This data is processed by the agent, representing an indirect prompt injection surface.
- Ingestion points: Data returned by
membrane action runandmembrane action listcommands inSKILL.md. - Boundary markers: Absent; the skill does not explicitly define delimiters for external data.
- Capability inventory: Use of the
membraneCLI for managing connections, creating actions, and executing them. - Sanitization: None detected; the skill relies on the agent's internal filtering for external tool outputs.
Audit Metadata