ibm-x-force-exchange
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official npm registry. This is a recognized vendor resource for managing Membrane platform integrations.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for operational tasks, including authentication (membrane login), connection management, and executing API actions.
- [SAFE]: The skill processes external threat intelligence data (Ingestion points: IBM X-Force Exchange API via SKILL.md). While explicit boundary markers and sanitization logic are not detailed in the instructions, the use of structured JSON outputs and the inherent nature of the threat analysis use case categorize the indirect prompt injection risk as low. Capability inventory: Execution of membrane CLI commands and network proxying via the Membrane platform.
Audit Metadata