outscraper

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm. This is a legitimate tool provided by the skill's author (membrane/membranedev) to facilitate interaction with their platform.
  • [COMMAND_EXECUTION]: Instructions involve executing various membrane CLI commands for authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These are standard operational commands for the platform.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) because it is designed to scrape and ingest data from external, untrusted sources such as Google Search, social media profiles, and arbitrary websites.
      • Ingestion points: Content retrieved via Outscraper APIs (e.g., SERP data, social media comments, website text) enters the agent context through the membrane action run command.
      • Boundary markers: None identified in the instructional text.
      • Capability inventory: The agent can run arbitrary actions via the CLI and create new actions based on natural language descriptions (membrane action create).
      • Sanitization: Not specified in the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:06 AM