chartiq
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform actions such as logging in, searching for connectors, and running financial data queries. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
@membranehq/clipackage from the NPM registry, which is an official tool provided by the vendor. - [PROMPT_INJECTION]: The skill processes external data from the ChartIQ API via CLI outputs, presenting a potential surface for indirect prompt injection.
- Ingestion points: Data returned from
membrane action list,membrane action run, andmembrane requestcommands. - Boundary markers: Not explicitly defined for command outputs.
- Capability inventory: Execution of shell commands via the
membraneCLI. - Sanitization: None specified for external API responses before processing.
Audit Metadata