gathercontent
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' package from npm. This is an official utility provided by the vendor (membranedev) to manage authentication and API interactions safely.
- [COMMAND_EXECUTION]: Utilizes the 'membrane' command-line interface to execute actions and manage connections. These commands are standard for the tool and do not involve arbitrary or hidden shell execution.
- [PROMPT_INJECTION]: The skill is designed to process data from GatherContent, which represents a potential surface for indirect prompt injection. However, the risk is inherent to the integration's purpose and handled via structured tool outputs rather than raw prompt interpolation.
- Ingestion points: Content retrieved via 'membrane action run' (SKILL.md).
- Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: Execution of defined actions through the 'membrane' CLI (SKILL.md).
- Sanitization: The skill relies on the Membrane platform's built-in handling for action inputs and outputs.
Audit Metadata