herobot-chatbot-marketing

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry. This is the official command-line tool for the Membrane platform, provided by the vendor.
  • [COMMAND_EXECUTION]: The integration relies on shell commands like membrane login, membrane connect, and membrane action run to manage authentication and interact with the HeroBot API.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes the membrane action create feature, which dynamically generates and deploys integration logic on the Membrane platform based on natural language descriptions. This behavior is the primary intended use of the platform's integration building capabilities.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection given its capabilities and data ingestion points.
      • Ingestion points: External data such as user profiles, lead information, and message content retrieved from the HeroBot API via membrane action run.
      • Boundary markers: None present; the agent is not instructed to use specific delimiters or ignore instructions embedded within the API responses.
      • Capability inventory: The skill can perform write operations (e.g., send-message, create-user) and execute arbitrary actions created through the CLI.
      • Sanitization: There is no explicit mention of data sanitization or validation processes for the content received from the external service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 05:37 PM