maintainx
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the NPM registry to provide platform tooling.
- [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI to perform authentication, connection management, and action execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from the MaintainX API. 1. Ingestion points: Data enters the agent context through the output of MaintainX actions via the membrane action run command. 2. Boundary markers: No explicit delimiters are used to wrap external content. 3. Capability inventory: The skill can create and execute actions, and manage connections. 4. Sanitization: There is no evidence of sanitization for retrieved API data.
- [SAFE]: The skill follows security best practices for secret management by delegating authentication to the Membrane platform instead of asking for API keys.
Audit Metadata