uchat
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the npm registry. This is a legitimate dependency provided by the vendor for platform interaction. - [COMMAND_EXECUTION]: Shell commands are used to interact with the
membraneCLI for logging in, managing connections, and executing Uchat actions. These are restricted to the official vendor toolchain and represent intended functionality. - [CREDENTIALS_UNSAFE]: No sensitive credentials or API keys are hardcoded. The skill explicitly delegates authentication to the Membrane platform, ensuring secrets are managed server-side and not exposed within the skill code or agent environment.
- [PROMPT_INJECTION]: The skill interacts with Uchat data (messages and conversations), which creates a potential surface for indirect prompt injection. However, the risk is minimal as the skill acts as a standard integration wrapper without dangerous autonomous capabilities.
Audit Metadata