idx-broker
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clitool from the npm registry to enable interaction with the Membrane platform. - [COMMAND_EXECUTION]: Shell commands are used to manage the lifecycle of IDX Broker connections and to execute API actions via the
membraneCLI tool. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from the IDX Broker API, such as lead information and property notes.
- Ingestion points: External data retrieved from IDX Broker API endpoints (e.g.,
list-leads,get-lead-note). - Boundary markers: None present to delineate or ignore instructions within the retrieved data.
- Capability inventory: The skill utilizes shell execution capabilities via the
membraneCLI. - Sanitization: No explicit validation or sanitization of the external data is performed before processing.
Audit Metadata