coinapi
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage globally via npm. This is the official command-line tool for the Membrane platform and is required for the skill to function.- [COMMAND_EXECUTION]: The skill instructs the agent to execute variousmembraneCLI commands for authentication (login), connection management (connect,connection list), and data retrieval (action run,request). These are standard administrative operations for this integration.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing real-time and historical market data, including news and orderbook information from CoinAPI. - Ingestion points: External data is ingested through
membrane action runandmembrane requestcommands as described in SKILL.md. - Boundary markers: There are no explicit boundary markers or instructions defined in the skill to treat the external API responses as untrusted data.
- Capability inventory: The skill has the capability to execute shell commands and perform network requests via the Membrane proxy.
- Sanitization: No sanitization or filtering logic is specified for the data retrieved from the CoinAPI endpoints.
Audit Metadata