bexio
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage via NPM. This is the official command-line tool provided by the vendor (Membrane) to facilitate secure integration. - [COMMAND_EXECUTION]: The skill uses shell commands to interact with the Membrane CLI for authentication (
membrane login), connection management (membrane connect), and executing actions (membrane action run). This is the primary method of operation and does not involve arbitrary or unsafe command construction. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external Bexio records (such as contact notes or invoice descriptions) which are then processed by the agent. While this presents a potential surface for indirect prompt injection, it is a standard risk for CRM integrations and the skill provides no high-privilege capabilities that would lead to escalation.
- Ingestion points: Data returned from
membrane action run(e.g., contact details, invoices). - Boundary markers: Not explicitly defined in the prompt templates.
- Capability inventory: Limited to
membraneCLI subprocess calls for data retrieval and modification. - Sanitization: Relies on the agent's native content filtering and the Membrane platform's schema validation.
Audit Metadata