zenscrape
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI tool to execute actions and proxy requests to the Zenscrape API. This is expected behavior for an integration on the Membrane platform.\n- [EXTERNAL_DOWNLOADS]: The instructions direct the user to install the@membranehq/clipackage from npm. This is a verified vendor resource for the Membrane ecosystem.\n- [PROMPT_INJECTION]: The skill processes data scraped from external websites, which introduces a risk of indirect prompt injection if the content contains malicious instructions for the agent.\n - Ingestion points: Web content retrieved via
membrane requestormembrane action run.\n - Boundary markers: None present.\n
- Capability inventory: Shell command execution via the
membraneCLI.\n - Sanitization: No data sanitization or filtering is specified in the skill.
Audit Metadata