google-analytics
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli NPM package. This is the official command-line interface for the Membrane platform, used for secure authentication and interaction with connectors.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform operations such as logging in, connecting to Google Analytics, and running actions. These are standard operations for the platform provided by the vendor.
- [PROMPT_INJECTION]: The membrane action list --intent and membrane action create commands ingest natural language descriptions. This represents an indirect prompt injection surface where untrusted data could influence action discovery or generation.
- Ingestion points: command arguments in SKILL.md.
- Boundary markers: absent in examples.
- Capability inventory: membrane action run executes resulting actions.
- Sanitization: not explicitly documented in the skill instructions.
- [SAFE]: The skill promotes security best practices by delegating all credential management to the Membrane platform's secure server-side infrastructure, explicitly advising against manual API key handling.
Audit Metadata