alpha-vantage
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the global installation of the Membrane CLI (@membranehq/cli) via NPM. This tool is a verified vendor resource from membranedev used to facilitate the connection and execution of actions on the Membrane platform.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external content from the Alpha Vantage API, such as market news and sentiment data.\n
- Ingestion points: Data enters the agent context through the outputs of 'membrane action run' and 'membrane request' commands.\n
- Boundary markers: No specific delimiters or instructions for the agent to ignore embedded commands within the API data are defined.\n
- Capability inventory: The skill allows the execution of defined actions and raw API requests via the Membrane proxy.\n
- Sanitization: There is no mention of sanitization or validation of the retrieved API data before it is presented to the agent.
Audit Metadata