newscatcher
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI for connection management and action execution, which is the platform's standard operational mode. - [EXTERNAL_DOWNLOADS]: The skill involves downloading and installing the
@membranehq/clipackage from NPM, which is an official resource belonging to the skill's vendor. - [PROMPT_INJECTION]: The skill processes news content from NewsCatcher, which constitutes an indirect prompt injection surface. Ingestion points: Article text and summaries (SKILL.md). Boundary markers: Absent. Capability inventory: Running CLI-based actions (SKILL.md). Sanitization: Not explicitly defined. This ingestion is necessary for the skill's primary function of news aggregation.
Audit Metadata