google-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the Membrane CLI via 'npm install -g @membranehq/cli'. This is an official tool provided by the skill's author (membrane) to manage the integration.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' command-line interface to perform operations such as authentication, connection management, and executing API actions. These commands are standard for the Membrane ecosystem and do not involve arbitrary or dangerous command injection.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) as it processes data retrieved from the Google Analytics API.
- Ingestion points: API responses from 'membrane action run' and 'membrane request' (SKILL.md).
- Boundary markers: Data is handled in structured JSON format which provides inherent separation from instructions.
- Capability inventory: The skill can execute CLI commands and make network requests through a managed proxy (SKILL.md).
- Sanitization: Content is managed through the vendor's structured API integration logic.
Audit Metadata