code-dx
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm to interface with the Membrane platform. - [COMMAND_EXECUTION]: It uses various subcommands of the
membraneCLI (such aslogin,connect,action run, andrequest) to manage the integration and interact with the Code Dx service. - [PROMPT_INJECTION]: The skill handles data from Code Dx which could lead to indirect prompt injection if the retrieved content contains malicious instructions. * Ingestion points: API responses and action outputs from Code Dx (referenced in SKILL.md). * Boundary markers: Absent; instructions do not suggest using delimiters for external data. * Capability inventory: Shell command execution and network requests via the
membraneCLI tool (referenced in SKILL.md). * Sanitization: Absent; no validation of external content is performed before processing.
Audit Metadata