zenscrape
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from npm. This is a vendor-owned resource used to interface with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes several shell commands via the
membraneCLI (e.g.,login,connect,action run) to manage integrations and execute scraping tasks. These commands are the intended method of operation for the skill. - [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill explicitly directs the agent to avoid asking for user API keys, instead using server-side connection management to handle secrets securely.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from web scraping results.
- Ingestion points: Data enters the agent context via the output of
membrane action runas described inSKILL.md. - Boundary markers: None are specified in the instructions to delimit untrusted web content.
- Capability inventory: The skill has the capability to execute shell commands via the
membraneCLI, as documented inSKILL.md. - Sanitization: No explicit sanitization or validation steps are provided for the content retrieved from external websites.
Audit Metadata