vimeo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill uses standard vendor-provided tools for its intended purpose.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the public NPM registry. This is a documented and expected dependency for interacting with the Membrane ecosystem. - [PROMPT_INJECTION]: This skill has a surface for indirect prompt injection (Category 8) as it retrieves untrusted metadata from the Vimeo API. However, it is classified as safe as this is necessary for its functionality and uses structured CLI commands.
- Ingestion points: Data returned from Vimeo API endpoints (e.g., video lists, metadata) via
membrane action runormembrane requestcommands. - Boundary markers: None explicitly defined within the skill instructions.
- Capability inventory: The skill supports reading, creating, updating, and deleting Vimeo resources through the
membranecommand-line tool. - Sanitization: Relies on the underlying agent platform's handling of tool outputs and the Membrane CLI's internal processing.
Audit Metadata