dixa
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membranecommand-line interface to manage Dixa connections, discover available actions, and execute API requests. - [EXTERNAL_DOWNLOADS]: The instructions involve installing the
@membranehq/clipackage from the NPM registry. This is a vendor-owned resource used to facilitate the integration. - [PROMPT_INJECTION]: The skill interacts with customer service data from Dixa, which presents a surface for indirect prompt injection.
- Ingestion points: Untrusted data from customer conversations enters the agent context through
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the provided templates.
- Capability inventory: The skill is capable of reading from and writing to the Dixa API using CLI commands.
- Sanitization: There is no explicit mention of sanitizing or validating the data retrieved from Dixa before processing.
Audit Metadata