gtmetrix
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (@membranehq/cli) globally via npm. This is a standard dependency for skills interacting with the Membrane ecosystem.
- [COMMAND_EXECUTION]: Uses the
membraneCLI to manage connections and execute GTmetrix-related actions. The instructions guide the user through a secure authentication flow that avoids local credential storage. - [PROMPT_INJECTION]: The skill ingests data from external GTmetrix reports, which is a common surface for indirect prompt injection in tool-oriented skills.
- Ingestion points: Data retrieved from action outputs in
SKILL.md(e.g., viamembrane action run). - Boundary markers: None explicitly defined to separate tool output from agent instructions.
- Capability inventory: The agent can execute CLI commands and manage connections through the provided instructions.
- Sanitization: No specific sanitization logic is provided for external report data, which is typical for this type of integration.
Audit Metadata