alpha-vantage
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal package from the NPM registry. This is a vendor-provided tool necessary for the skill's interaction with the Membrane platform. - [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI for managing connections, searching for actions, and executing them. These commands are well-structured and used for the skill's primary purpose of retrieving financial data. - [DATA_EXFILTRATION]: The skill avoids local credential exposure by utilizing the vendor's server-side authentication flow (
membrane connect), ensuring that API keys are managed securely on the platform rather than being stored in the agent's environment. - [SAFE]: The skill presents an indirect prompt injection surface when processing external data (market trends and news sentiment) retrieved from the Alpha Vantage API. This is expected behavior for this use case.
- Ingestion points: Data enters the context through the output of
membrane action runcommands (SKILL.md). - Boundary markers: Not explicitly defined in the prompt instructions.
- Capability inventory: The skill uses the
membraneCLI to perform network-based operations via the vendor's API gateway. - Sanitization: No specific sanitization or filtering of API responses is mentioned before the data is presented to the agent.
Audit Metadata