Skills
skills/membranedev/application-skills/scrapeninja/Gen Agent Trust Hub

scrapeninja

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official npm registry. This is a vendor-owned resource used to manage the integration.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations like authentication and action execution. These commands are part of the intended functionality for the platform integration.
  • [SAFE]: The skill follows security best practices by instructing the agent never to ask the user for API keys or tokens, instead delegating authentication to the Membrane platform's server-side connection manager.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted web data via ScrapeNinja.
  • Ingestion points: Web data retrieved via membrane action run as described in SKILL.md.
  • Boundary markers: None explicitly defined.
  • Capability inventory: membrane action create and membrane action run commands in SKILL.md.
  • Sanitization: None explicitly mentioned; relies on the agent's internal safety filters and platform managed environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 07:25 AM
Security Audit — agent-trust-hub — scrapeninja