Skills
skills/membranedev/application-skills/ibm-x-force-exchange/Gen Agent Trust Hub

ibm-x-force-exchange

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from npm (@membranehq/cli@latest). This is an official package from the vendor ('membranedev') and is considered a safe development tool.
  • [COMMAND_EXECUTION]: The skill uses membrane CLI commands to perform operations like login, connection management, and action execution. These commands are part of the intended functionality of the skill and do not involve arbitrary or malicious shell execution.
  • [CREDENTIALS_UNSAFE]: The skill explicitly follows best practices by instructing the agent to never ask for API keys. It uses membrane login and membrane connect to handle authentication server-side, ensuring no secrets are stored locally or hardcoded in the skill.
  • [DATA_EXFILTRATION]: No patterns of sensitive data exfiltration were detected. Network operations are directed towards IBM X-Force Exchange (via the Membrane connector) and the Membrane backend for authorized integration tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 06:36 AM