chatwoot-cli
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is the official documentation for the chatwoot-cli, and all links point to legitimate vendor-owned resources.
- [PROMPT_INJECTION]: The skill involves reading customer-provided message content, which poses a risk for indirect prompt injection.
- Ingestion points: External data enters the context through conversation and message retrieval commands such as
chatwoot conv <id> messages. - Boundary markers: There are no technical delimiters defined to isolate untrusted data from the agent's instructions.
- Capability inventory: The agent possesses write capabilities (replies, resolution, labeling) that could be manipulated by content within processed messages.
- Sanitization: No data sanitization is performed, but the skill includes a strong 'Safety' rule requiring human approval for any impactful or customer-visible action, which mitigates autonomous exploitation.
Audit Metadata