videoask
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line tool provided by the vendor (Membrane) to facilitate the integration. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI for various operations, including authentication (membrane login), connection management (membrane connect), and executing VideoAsk API actions (membrane action run). These commands are necessary for the skill's stated purpose of managing VideoAsk data. - [PROMPT_INJECTION]: The skill processes external data from VideoAsk responses. While this represents an ingestion point for untrusted data, the skill limits the risk by using structured actions and recommending the use of the vendor's platform for secure communication.
- Ingestion points: Data is ingested through
membrane action runandmembrane requestcalls inSKILL.md. - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: The agent can execute shell commands via the
membraneCLI as documented inSKILL.md. - Sanitization: Not specified; however, the skill promotes using pre-built actions which handle data mapping and edge cases.
Audit Metadata