botconversa
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally using npm. This is a vendor-provided tool necessary for the skill's functionality. - [COMMAND_EXECUTION]: It uses the
membraneCLI to perform authentication, manage platform connections, and execute remote actions. This includes dynamically creating actions based on natural language descriptions. - [PROMPT_INJECTION]: The skill processes external data from BotConversa (e.g., messages and subscriber info) which represents a surface for Indirect Prompt Injection.
- Ingestion points: Output from
membrane action runin SKILL.md. - Boundary markers: Absent; there are no specific delimiters used to wrap external content or instructions for the agent to ignore instructions within that content.
- Capability inventory: Subprocess execution via
membraneCLI in SKILL.md, which includes capabilities to write data back to the external platform. - Sanitization: Absent; the skill does not specify any validation or filtering of the data retrieved from the external API.
Audit Metadata