newscatcher
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the
@membranehq/clipackage from npm. This tool is provided by the vendor (membranedev) to facilitate communication with the NewsCatcher service. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility to manage connections and execute API actions. These commands are used for legitimate integration purposes such as searching for news articles and extracting text. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted news content from external sources.
- Ingestion points: News article text and summaries retrieved via the NewsCatcher API (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The skill has the capability to run CLI actions and make network requests through the
membraneutility. - Sanitization: The skill does not implement specific sanitization logic, relying instead on the default behavior of the Membrane platform.
Audit Metadata