helpwise
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official Membrane CLI (`@membranehq/cli`) via npm. This package is a verified resource provided by the vendor (membranedev) to facilitate secure integrations.
- [COMMAND_EXECUTION]: The instructions utilize the `membrane` CLI for operational tasks, including logging in, connecting to Helpwise, and searching for or executing actions. These commands are standard for the skill's intended functionality and do not involve unauthorized privilege escalation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from Helpwise (such as emails, chat messages, and contact details) which could contain malicious instructions.
  - Ingestion points: Data retrieved from Helpwise through actions like `list-conversations`, `get-conversation`, and `list-contacts` (SKILL.md).
  - Boundary markers: The instructions do not specify explicit delimiters or 'ignore embedded instructions' warnings when handling content from the Helpwise API.
  - Capability inventory: The agent has the ability to run sensitive actions (e.g., `reply-to-conversation`, `delete-conversation`) and create new dynamic actions using `membrane action create` (SKILL.md).
  - Sanitization: No explicit sanitization or filtering of incoming Helpwise data is mentioned in the skill documentation.
Audit Metadata