maxxton

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This is the official command-line interface provided by the vendor to manage service integrations.
  • [COMMAND_EXECUTION]: The agent is instructed to execute various shell commands using the membrane CLI (e.g., membrane login, membrane connect, membrane action run). These commands are necessary for authenticating with the platform and performing data operations.
  • [PROMPT_INJECTION]: The skill processes data retrieved from the Maxxton API, which constitutes an indirect prompt injection surface.
      • Ingestion points: External data returned from Maxxton records via the membrane action run command.
      • Boundary markers: None provided; the agent processes external data within its standard context.
      • Capability inventory: The agent can execute shell commands through the CLI and interact with the Membrane platform's action creation and execution APIs.
      • Sanitization: The instructions do not specify any sanitization or validation of the data retrieved from the external API before it is presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 04:37 PM