whatcounts
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill performs legitimate service integration tasks as described.
- [EXTERNAL_DOWNLOADS]: The skill requires installing the @membranehq/cli package from the official NPM registry. This is a standard requirement for using the Membrane platform and originates from a trusted vendor.
- [COMMAND_EXECUTION]: Employs the membrane command-line tool to perform actions such as login, connection management, and running specific WhatCounts API operations. All commands are relevant to the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes data from the WhatCounts API through 'membrane action run' and 'membrane request' commands, which serve as ingestion points for external data. While no specific boundary markers or sanitization instructions are included to prevent indirect prompt injection, the skill's structure does not exhibit any patterns of exploitation or unsafe interpolation.
Audit Metadata