opengraphio
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI global package (
@membranehq/cli) from the official NPM registry. This is a standard installation procedure for the vendor's own tooling and follows the identified vendor resource patterns. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions such as logging in, connecting to services, and executing workflow actions. These commands are part of the intended functionality for interacting with the Membrane platform. - [DATA_EXFILTRATION]: The skill emphasizes a 'no local secrets' policy, instructing the agent to never ask the user for API keys or tokens. Instead, it uses a server-side connection model where credentials are managed by the Membrane platform, reducing the risk of local credential exposure.
- [PROMPT_INJECTION]: The skill processes metadata (titles, descriptions, images) fetched from external URLs via OpenGraph.io. While this introduces a potential surface for indirect prompt injection from malicious website content, it is the primary purpose of the skill. The risk is inherent to data parsing tasks and is mitigated by the agent's internal safety guardrails.
Audit Metadata