dacast
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official components from the author
membranedev, including the@membranehq/clinpm package and thegetmembrane.comdomain. These are recognized vendor resources. - [SAFE]: The skill follows security best practices by using
membrane loginandmembrane connectto manage credentials, ensuring that API keys and secrets are handled by the platform rather than being stored locally or hardcoded. - [PROMPT_INJECTION]: The skill enables the ingestion of external data from Dacast, creating a surface for potential indirect prompt injection if retrieved data (such as video titles or descriptions) contains instructions designed to influence the agent.
- Ingestion points: Metadata for videos, streams, and playlists is fetched via actions like
list-videosandlookup-videodefined in SKILL.md. - Boundary markers: Absent; the skill does not explicitly specify delimiters for data retrieved from the Dacast API.
- Capability inventory: The skill allows the agent to execute actions (
membrane action run) and perform network operations (membrane request) using retrieved parameters. - Sanitization: Absent; there is no mention of filtering or sanitizing the content received from the Dacast API.
Audit Metadata