intellexer-api
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm. This is the official command-line interface provided by the skill's vendor (Membrane) for managing integrations and authentication. - [COMMAND_EXECUTION]: The skill instructions involve executing various
membraneCLI commands to perform tasks such as logging in, searching for connectors, and running API actions. This is the intended and standard method for using this skill. - [PROMPT_INJECTION]: Several actions, such as
summarize-url,get-topics-from-url, andparse-document-url, ingest data from external, potentially untrusted URLs. This creates a surface for indirect prompt injection, where an attacker could place malicious instructions within the content of a webpage to influence the agent's behavior. (Ingestion points: SKILL.md; Boundary markers: Absent; Capability inventory: CLI command execution and network proxying viamembrane request; Sanitization: Not explicitly defined).
Audit Metadata