chaport
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI (
membrane) to perform actions such as searching for connectors, managing connections, and executing API requests. These commands are standard for the skill's intended purpose of managing Chaport data. - [EXTERNAL_DOWNLOADS]: The instructions recommend the global installation of the
@membranehq/clipackage via NPM. This is a trusted resource provided by the skill's author to enable the integration's functionality. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from an external source.
- Ingestion points: Untrusted data enters the agent context from Chaport via commands like
membrane action run list-visitorsandmembrane action run list-chat-events(SKILL.md). - Boundary markers: The instructions do not define specific markers to delimit external data from agent instructions.
- Capability inventory: The skill includes the ability to perform write and delete operations, such as
send-message,update-visitor, anddelete-visitor(SKILL.md). - Sanitization: There are no documented sanitization or validation steps for data retrieved from the Chaport API.
Audit Metadata