pixiebrix

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via the membrane CLI to perform authentication (membrane login), connection management (membrane connect), and action execution (membrane action run).
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection (Category 8) because it retrieves and processes data from external PixieBrix actions.
      • Ingestion points: Data returned from execution of actions via membrane action run as described in SKILL.md.
      • Boundary markers: The instructions do not specify the use of delimiters or boundary markers to isolate untrusted external data from the agent's internal instructions.
      • Capability inventory: The agent has the capability to execute shell commands and install software packages.
      • Sanitization: No explicit sanitization, filtering, or validation of the data retrieved from external PixieBrix actions is mentioned in the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:49 PM
Security Audit — agent-trust-hub — pixiebrix