botpress
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI package (@membranehq/cli) from the NPM registry. This is a standard dependency for the integration.
- [COMMAND_EXECUTION]: The skill uses shell commands via the membrane CLI to perform tasks such as authentication, listing connections, and running Botpress actions.
- [DYNAMIC_EXECUTION]: The membrane action create command allows for the generation of new integration actions based on natural language descriptions. This process is handled by the Membrane platform and is a core feature of the service.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from Botpress. Ingestion points: Botpress user, conversation, and message data. Boundary markers: None present. Capability inventory: Command execution via membrane CLI. Sanitization: No explicit sanitization of external content is described.
Audit Metadata