lexoffice
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external Lexoffice API responses which could contain malicious instructions.
- Ingestion points: Data retrieved through actions such as
list-invoices,get-contact, or direct proxy requests. - Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to wrap it in specific delimiters.
- Capability inventory: The skill utilizes the
membraneCLI to execute actions and make network requests. - Sanitization: No sanitization or validation steps are defined for the data returned from the API.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clitool from the NPM registry. - [COMMAND_EXECUTION]: The skill heavily relies on executing the
membranecommand-line utility to manage connections, search for actions, and run API requests.
Audit Metadata