parser-expert
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the @membranehq/cli package, which is the official command-line interface for the vendor's platform. This is used for authentication and managing service connectors.
- [COMMAND_EXECUTION]: The instructions utilize the membrane CLI to perform authenticated operations, including searching for connectors, creating connections, and executing API actions. These are legitimate uses of the platform's tooling.
- [SAFE]: The skill adheres to security best practices by using a managed authentication system (Membrane) which avoids the need for hardcoded API keys or user-provided tokens in the prompt.
- [PROMPT_INJECTION]: The skill ingests unstructured text data from Parser Expert, creating an indirect prompt injection surface. (1) Ingestion points: Data retrieved from Parser Expert via membrane action run or membrane request. (2) Boundary markers: None identified in the skill instructions. (3) Capability inventory: The agent can execute CLI actions and perform network requests via the Membrane proxy. (4) Sanitization: No explicit data sanitization or validation logic is defined for the external content.
Audit Metadata