landbot
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm. This is a legitimate vendor resource provided by the author to enable communication with the Membrane platform. - [COMMAND_EXECUTION]: The skill executes multiple shell commands using the
membraneCLI to handle authentication, manage connections, and execute actions. These commands are necessary for the skill's primary function and use the vendor's official tooling. - [DATA_EXFILTRATION]: Sensitive credentials are not stored or requested by the skill; instead, it uses
membrane loginto handle authentication server-side, which is a secure method for managing access tokens without exposing them to the agent context. - [PROMPT_INJECTION]: The skill processes external data retrieved from Landbot, such as customer messages and profiles. This creates an indirect prompt injection surface where malicious data from a chatbot conversation could attempt to influence the agent's behavior. The agent should be configured to treat all data returned from Landbot actions as untrusted.
Audit Metadata