newsman

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official npm registry, which is a required vendor resource for interacting with the Membrane platform.
  • [COMMAND_EXECUTION]: Uses the membrane CLI to perform login, manage connections, and execute API actions on the Newsman service.
  • [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface for action discovery and creation.
      * Ingestion points: Natural language input for --intent and action DESCRIPTION parameters in SKILL.md.
      * Boundary markers: None present in the command templates.
      * Capability inventory: The CLI allows for network operations and remote execution of actions.
      * Sanitization: Relies on platform-level handling of input strings.
    This surface is necessary for the skill's primary natural language functionality.
  • [SAFE]: Implements secure credential management by leveraging the Membrane platform's authentication flow, ensuring no static API keys or secrets are exposed or stored in the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:38 PM
Security Audit — agent-trust-hub — newsman