helpspace
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the npm registry. This is a vendor-owned tool (Membrane) required to facilitate the integration and authentication process.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI for several operations, including logging in (`membrane login`), connecting to services (`membrane connect`), and executing API actions (`membrane action run`). These commands are the intended method for interacting with the Helpspace API through the Membrane platform.
- [DATA_EXFILTRATION]: Network operations are performed via the `membrane` CLI to transfer data to and from the Helpspace API. This includes retrieving tickets, messages, and customer information, which is the primary purpose of the skill. Authentication is handled securely by the platform's proxy system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes data retrieved from an external source (Helpspace tickets and messages).
  - Ingestion points: Content from Helpspace tickets, messages, tasks, and customer profiles enters the agent's context via `membrane action run` and `membrane request` outputs.
  - Boundary markers: Absent. No specific delimiters or instructions are provided to help the agent distinguish between Helpspace data and its own system instructions.
  - Capability inventory: The agent has the ability to execute shell commands (via the Membrane CLI), perform network requests, and create or delete resources in Helpspace.
  - Sanitization: Absent. Content retrieved from the API is not explicitly sanitized or filtered for instructions before being presented to the agent.
Audit Metadata