google-search-console
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as logging in, connecting to search properties, and running actions. This is the intended behavior for interacting with the Membrane platform. - [EXTERNAL_DOWNLOADS]: Instructs the installation of the
@membranehq/clipackage from the npm registry. This is the official tool provided by the vendor (membranedev) for the platform's functionality. - [REMOTE_CODE_EXECUTION]: Features a capability to create new actions dynamically (
membrane action create), which generates integration code on the Membrane platform based on user descriptions. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it retrieves and processes data from external sources (Google Search Console).
- Ingestion points: Data such as site URLs, performance reports, and sitemap information enter the agent context via the
membrane action runcommand inSKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between platform data and potentially malicious strings embedded in site metadata.
- Capability inventory: The agent has the ability to execute shell commands and modify resources via the
membraneCLI as documented inSKILL.md. - Sanitization: The skill does not specify any sanitization or validation steps for the data retrieved from the Search Console API.
Audit Metadata