youtube-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions utilize the
@membranehq/clitool, which is the official CLI for the skill's author (membranedev). The use of this tool for managing connections and performing API requests is consistent with the skill's stated purpose. - [SAFE]: Authentication is handled through a secure browser-based flow (
membrane login), ensuring that sensitive credentials like OAuth tokens are managed by the Membrane platform and not stored insecurely within the skill or environment variables. - [DATA_EXPOSURE_&_EXFILTRATION]: No sensitive local file access or exfiltration patterns were detected. All network operations are directed through the Membrane platform for interacting with the official Google YouTube Analytics API.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves data from YouTube Analytics (comments, reports). However, this is a standard functional requirement for such an integration.
- Ingestion points: Data is ingested through
membrane action runandmembrane requestcommands (referenced in SKILL.md). - Boundary markers: No specific boundary markers or 'ignore' instructions are present in the prompt templates.
- Capability inventory: The skill uses shell command execution via the
membraneCLI to perform API actions. - Sanitization: Sanitization is handled at the platform level by Membrane, which provides structured output schemas for actions.
Audit Metadata