chatwoot
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill enables the agent to ingest customer-provided content (messages, profiles) from the Chatwoot API, posing a risk of indirect prompt injection.\n
- Ingestion points: Untrusted data enters the agent context via API responses from app.chatwoot.com (contacts, conversations, and messages endpoints).\n
- Boundary markers: The skill does not provide delimiters or specific instructions for the agent to distinguish between trusted system commands and untrusted external message content.\n
- Capability inventory: The skill utilizes curl for network operations and jq for parsing and processing the external data.\n
- Sanitization: There is no evidence of sanitization or validation performed on the external data before it is presented to the agent.\n- [COMMAND_EXECUTION]: Standard command-line utilities (curl and jq) are used to perform API calls and process data responses.\n- [EXTERNAL_DOWNLOADS]: The skill interacts with the official service domain app.chatwoot.com for its primary functionality.
Audit Metadata