expedy
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal npm package, which is the official tool provided by the vendor to interact with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to manage user sessions and perform operations on the Expedy API, including authentication and action execution. - [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by ingesting and processing data from the Expedy API, such as device status and scan results. Ingestion points: Data returned from
membrane action runandmembrane requestcalls. Boundary markers: None present. Capability inventory: CLI subprocess execution and network proxying via the Membrane platform. Sanitization: No explicit data validation or escaping is described for external API responses.
Audit Metadata