amara
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the Membrane CLI (@membranehq/cli) from the NPM registry. This tool is a verified vendor resource from the skill author, membranedev, and is required for the integration to function.
- [COMMAND_EXECUTION]: The skill utilizes the 'membrane' CLI to interact with Amara's API for listing videos, teams, and managing subtitles. These operations are standard for the integration and are executed within the user's controlled environment.
- [PROMPT_INJECTION]: This skill has a surface for indirect prompt injection as it retrieves and processes external content (subtitles, video notes, and descriptions) from the Amara API. 1. Ingestion points: Data is retrieved via CLI commands like 'membrane action run' and 'membrane request'. 2. Boundary markers: No explicit boundary markers or isolation instructions are present in the skill body. 3. Capability inventory: The agent has access to the 'membrane' CLI for authenticated API requests. 4. Sanitization: The skill does not define specific sanitization or validation logic for the external data. This risk is inherent to data-processing integrations and is not considered a critical vulnerability in this context.
Audit Metadata