Skills
skills/membranedev/application-skills/markettime/Gen Agent Trust Hub

markettime

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry. This is a vendor-provided tool required for the skill to operate.\n- [COMMAND_EXECUTION]: The skill uses the membrane CLI for operations such as authentication and running integration actions.\n- [PROMPT_INJECTION]: The skill retrieves and processes data from the MarketTime API, creating a potential surface for indirect prompt injection.\n
  • Ingestion points: Data is ingested through the output of the membrane action run command.\n
  • Boundary markers: The skill does not define delimiters or specific instructions to isolate external content from the agent's instructions.\n
  • Capability inventory: The skill has the capability to execute shell commands and install software packages globally.\n
  • Sanitization: There is no evidence of sanitization or validation of the external API data before it is incorporated into the session context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 06:36 AM