mixmax
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides instructions for interacting with the MixMax API using the
membranecommand-line interface. - [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the official NPM registry. This is a vendor-owned tool used to facilitate API interactions. - [INDIRECT_PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection as it processes data retrieved from MixMax (such as email messages, templates, and sequences).
- Ingestion points: Data enters via
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: The skill uses the
membraneCLI to execute system commands (SKILL.md). - Sanitization: No explicit sanitization or validation of the retrieved content is mentioned before it is processed by the agent.
Audit Metadata