wonderchat
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands using the membrane CLI tool. These commands include authenticating (membrane login), searching for integrations (membrane search), and executing specific API actions (membrane action run).
- [EXTERNAL_DOWNLOADS]: The instructions guide the installation of the @membranehq/cli package from the NPM registry and the use of npx to execute the latest version of the CLI. These resources are provided by the skill's author to interface with their platform.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes data from external sources (Wonderchat API conversations and user records).
  - Ingestion points: Untrusted data enters the agent context through the terminal output of the membrane action run and membrane request commands.
  - Boundary markers: The instructions lack specific markers or delimiters to help the agent distinguish between its instructions and potentially malicious content within the retrieved data.
  - Capability inventory: The skill has the capability to execute further actions and make network requests via the membrane CLI based on processed data.
  - Sanitization: No sanitization, filtering, or validation steps are defined for the data fetched from the external service before it is presented to the agent.
Audit Metadata