zixflow
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/cliglobal NPM package and usesnpxto fetch the latest version. These resources are provided by the vendor to facilitate the integration. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line tool to perform actions such as searching for connectors, managing connections, and executing Zixflow API requests. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) as it processes data retrieved from Zixflow.
- Ingestion points: Data from Zixflow enters the context through
membrane action runandmembrane requestoutput. - Boundary markers: No explicit instructions or delimiters are used to wrap or sanitize the retrieved content.
- Capability inventory: The agent is authorized to execute shell commands via the CLI and perform network operations.
- Sanitization: There is no documentation of validation or sanitization for the data returned by the API.
- [SAFE]: No malicious or suspicious patterns were detected. The skill correctly uses a centralized authentication system, which prevents the need for handling sensitive API credentials directly within the prompt or local environment.
Audit Metadata