2chat
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage via NPM. This is a verified resource from the author (membranedev) used to provide the skill's core functionality. - [COMMAND_EXECUTION]: The skill uses
membraneCLI commands to manage authentication, discover actions, and execute integrations. These are authorized and expected commands for the skill's purpose. - [CREDENTIALS_UNSAFE]: The skill follows secure credential management patterns by using the Membrane platform's authentication flow instead of requiring or storing API keys directly.
- [PROMPT_INJECTION]: The skill ingests data from 2Chat via action outputs, which is a potential surface for indirect prompt injection. However, this is managed as part of the normal operation of a data-fetching integration.
Audit Metadata