scoopit
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membraneCLI tool to perform all operations, including authentication (membrane login), connection management (membrane connect), and running actions (membrane action run). This is the intended mechanism for the skill's functionality. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is a legitimate requirement for the platform integration and uses the official vendor package. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly follows best practices for secret management, instructing the agent to never ask for user credentials and to instead use the Membrane platform's built-in authentication flow.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an ingestion surface where it processes data returned from Scoop.it via
membrane action run. - Ingestion points: Data returned from
membrane action run(SKILL.md). - Boundary markers: Not explicitly defined for the action output.
- Capability inventory: The agent can execute shell commands using the
membraneCLI (SKILL.md). - Sanitization: No specific sanitization logic is provided in the instructions.
- Risk: While external data is ingested, the skill's scope is limited to curated content management, and the risk of automated exploitation via this channel is low.
Audit Metadata