trengo
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally from the NPM registry, which is the official tool provided by the vendor for managing integrations.\n- [COMMAND_EXECUTION]: Extensive use of the 'membrane' CLI is documented for managing user sessions, service connections, and running integration actions.\n- [REMOTE_CODE_EXECUTION]: The skill utilizes 'membrane action create', a feature that allows for dynamic generation and deployment of integration logic on the Membrane platform based on natural language descriptions.\n- [PROMPT_INJECTION]: The skill presents an inherent surface for indirect prompt injection as it processes data from Trengo communication channels.\n
- Ingestion points: Customer messages and channel data retrieved via action execution (e.g., in SKILL.md through 'membrane action run').\n
- Boundary markers: None explicitly defined in the provided instruction patterns.\n
- Capability inventory: The agent can execute 'membrane' commands to read, write, or create actions, providing significant interaction depth with the Trengo account.\n
- Sanitization: Relies on the security architecture of the Membrane platform and the agent's internal safety filters.
Audit Metadata