Skills
skills/membranedev/application-skills/parsehub/Gen Agent Trust Hub

parsehub

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the npm registry. This is a legitimate utility provided by the skill's author (membrane) to facilitate interaction with their platform.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands (login, connect, action run, request) to interact with the ParseHub service. These commands are the intended mechanism for the skill's functionality and are used to manage connections and execute API requests.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to ingest and process data scraped from the web via ParseHub.
  • Ingestion points: Data is returned to the agent context through the membrane action run and membrane request commands in SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the scraped content as untrusted data.
  • Capability inventory: The agent has the capability to execute further shell commands via the membrane CLI and perform network requests.
  • Sanitization: The skill does not implement or describe specific sanitization or filtering logic for the data retrieved from ParseHub.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 12:38 PM