veritone

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @membranehq/cli package from the npm registry. This is the official command-line interface provided by the vendor (Membrane) to interact with their services.
  • [COMMAND_EXECUTION]: The skill provides various shell commands using the membrane utility for authentication, connecting to Veritone, and executing cognitive actions. These commands are central to the skill's purpose and are intended to be executed by the agent.
  • [PROMPT_INJECTION]: The skill includes a natural language action search via the --intent parameter. This constitutes an indirect prompt injection surface.
      • Ingestion points: Natural language input in the intent argument of CLI commands in SKILL.md.
      • Boundary markers: Not explicitly provided in the CLI instructions.
      • Capability inventory: The agent can execute discovered actions using membrane action run.
      • Sanitization: Provided by the backend infrastructure of the vendor platform. This is a standard architectural pattern for the platform and is consistent with the skill's intended functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:44 AM
Security Audit — agent-trust-hub — veritone