sportsdata
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill instructs the user to install the Membrane CLI tool (@membranehq/cli) from the npm registry. This tool is the official CLI provided by the vendor for managing integrations.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill follows security best practices by utilizing Membrane's server-side connection management for authentication. It explicitly advises against requesting or storing raw API keys, which reduces the risk of credential exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the SportsData API via the membrane action run command. While no specific boundary markers or sanitization steps are documented for this ingestion point, the skill's capabilities are restricted to managed CLI actions, representing a standard integration risk profile.
Audit Metadata