Skills
skills/membranedev/application-skills/hippo-video/Gen Agent Trust Hub

hippo-video

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (@membranehq/cli) from the npm registry. This is a legitimate utility provided by the skill author for managing integrations.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to perform operations like searching for connectors, establishing connections, and running actions. These commands are part of the intended functionality for interacting with the Hippo Video API.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from the Hippo Video platform.
  • Ingestion points: External data is retrieved via actions like get-viewer-profiles, get-video-details, and list-videos in SKILL.md.
  • Boundary markers: None identified in the provided instructions.
  • Capability inventory: The skill can execute commands via the membrane CLI and perform network operations through membrane request.
  • Sanitization: No explicit sanitization or validation of the retrieved external content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 09:05 AM