rex
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package from the public npm registry. This is a legitimate utility provided by the skill's author to enable interaction with the Membrane platform.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands via the `membrane` CLI to perform core functions such as logging in, connecting to services, and running data actions.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating user-controlled input into CLI command arguments.
  - Ingestion points: User-provided strings are interpolated into the `--intent` parameter of `membrane action list` and the `--input` parameter of `membrane action run` in `SKILL.md`.
  - Boundary markers: No delimiters or protective warnings are used to isolate user data from the command structure.
  - Capability inventory: The skill can execute and create remote actions using the `membrane action run` and `membrane action create` commands documented in `SKILL.md`.
  - Sanitization: The instructions do not define any sanitization or validation steps for external content before processing.
- [SAFE]: The skill follows security best practices by delegating authentication to the Membrane platform via a browser-based flow, ensuring that API keys and tokens are managed securely and not stored in plain text by the agent.
Audit Metadata