happyfox-chat
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli package from the NPM registry. This is the official command-line interface provided by the vendor to facilitate interaction with the Membrane platform.
- [COMMAND_EXECUTION]: Uses the membrane CLI to manage user sessions and execute API actions. This includes logging into the platform and running pre-defined or dynamically created actions to interact with HappyFox Chat data.
- [PROMPT_INJECTION]: The skill processes untrusted data from HappyFox Chat, such as message content and chat transcripts, which enters the agent context through the output of membrane action run commands. The skill describes no explicit boundary markers or sanitization steps to mitigate indirect prompt injection embedded in these external sources, and the agent is able to execute further CLI commands based on this data.