alphasense
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is a vendor-owned resource used to manage authentication and interface with the Membrane platform. - [COMMAND_EXECUTION]: The skill provides a set of instructions to execute
membraneCLI commands. These commands are used for user authentication, discovering AlphaSense actions, and performing API requests via a proxy service. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it retrieves and processes data from the external AlphaSense API which could contain malicious instructions.
- Ingestion points: Responses from AlphaSense API calls executed via
membrane action listandmembrane request(documented in SKILL.md). - Boundary markers: The instructions do not define specific delimiters or instructions to treat external data as untrusted.
- Capability inventory: The skill can execute various AlphaSense actions and arbitrary HTTP requests through the
membraneCLI (documented in SKILL.md). - Sanitization: No sanitization or validation of external API content is documented within the skill's workflow.
Audit Metadata