Skills
skills/membranedev/application-skills/rex/Gen Agent Trust Hub

rex

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to interact with the Rex API. These commands are part of the intended integration logic and use the vendor's official toolset.
  • [EXTERNAL_DOWNLOADS]: The instructions include installing the @membranehq/cli package from the npm registry. This is an official tool provided by the vendor (membranedev) for the purpose of the integration.
  • [DATA_EXFILTRATION]: The skill transmits data to getrex.io and getmembrane.com. These are the legitimate service and platform domains associated with the skill's functionality. No unauthorized data exfiltration patterns were detected.
  • [PROMPT_INJECTION]: The skill ingests data from the external Rex API via membrane action run or membrane request, creating a surface for potential indirect prompt injection. However, the skill uses a controlled integration environment and does not exhibit direct injection vulnerabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 11:42 AM