chatfuel
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membraneCLI to perform operations such as managing connections, discovering available actions, and executing tasks on the Chatfuel platform. This is a standard and secure method for delegating API interactions to a managed service. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the official npm registry. This package is the legitimate CLI tool provided by the vendor (membranedev) for their platform. - [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing natural language strings for action discovery and creation. This is an inherent feature of the platform's functionality.
- Ingestion points: Untrusted data enters the context via the
--intent "QUERY"andmembrane action create "DESCRIPTION"arguments inSKILL.md. - Boundary markers: No explicit boundary markers or delimiters are defined in the command examples.
- Capability inventory: The skill provides the ability to execute generated actions via
membrane action runas documented inSKILL.md. - Sanitization: No client-side sanitization is performed in the instructions; the skill relies on the Membrane platform to handle validation and safe execution.
Audit Metadata