vision-helpdesk
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the official @membranehq/cli tool via npm. This is a vendor-provided dependency required for the skill to function within the Membrane ecosystem.
- [COMMAND_EXECUTION]: The instructions involve executing various terminal commands using the membrane CLI to authenticate, connect to services, and run automation actions.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process data from external helpdesk sources.
  - Ingestion points: Untrusted data is retrieved from Vision Helpdesk tickets, articles, and notes through actions executed by the agent.
  - Boundary markers: The skill does not explicitly define delimiters or specific instructions to the agent to isolate external content from its primary execution logic.
  - Capability inventory: The agent can run Membrane actions, which may involve network requests or data modifications across various connected services.
  - Sanitization: There are no documented procedures for sanitizing or validating the data retrieved from the helpdesk before it is processed by the AI agent.
Audit Metadata