chatbotkit

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry, which is a resource provided by the skill's author to interface with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the membrane CLI for various operations including authentication (membrane login), connection management (membrane connect), and executing actions (membrane action run).
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection.
      ◦ Ingestion points: Untrusted content from ChatBotKit—specifically messages, conversation history, and dataset articles—enters the agent's context through the output of membrane action run commands.
      ◦ Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings when the agent processes retrieved ChatBotKit data.
      ◦ Capability inventory: The skill possesses the ability to execute shell commands via the Membrane CLI and can dynamically create new actions based on natural language descriptions.
      ◦ Sanitization: There is no evidence of content validation or escaping of the data retrieved from external ChatBotKit sources before it is utilized by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 11:07 PM