flexera
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. This is the official command-line interface provided by the skill's authoring organization (Membrane). - [COMMAND_EXECUTION]: Instructs the agent to execute
membraneCLI commands to handle authentication, manage connections, and interact with the Flexera API. - [SAFE]: The skill follows security best practices by utilizing the Membrane platform's authentication flow, which avoids the need for hardcoded secrets or user-provided API keys in the prompt context.
- [PROMPT_INJECTION]: The skill processes data from Flexera APIs, which represents an indirect prompt injection surface. However, this is inherent to the integration's purpose and no malicious intent was detected.
- Ingestion points: Data entering through
membrane action runandmembrane requestcommands. - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Ability to execute the
membraneCLI and make proxied network requests to Flexera. - Sanitization: Relies on the underlying LLM's safety filters as no explicit sanitization is performed on the retrieved data within the skill logic.
Audit Metadata