avochato
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package from NPM. This is a utility provided by the skill's vendor to facilitate communication with the Membrane platform.
- [COMMAND_EXECUTION]: Utilizes the `membrane` CLI tool to perform various operations, including authenticating users, searching for API connectors, and executing actions against the Avochato API.
- [DATA_EXFILTRATION]: Communicates with Avochato's API endpoints. This interaction is mediated by the Membrane platform, which manages credentials and tokens server-side to prevent local exposure of sensitive keys.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk:
  - Ingestion points: The skill retrieves untrusted data from external sources via actions like `list-messages`, `get-message`, and `search-contacts` (File: SKILL.md).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat retrieved message content as untrusted data.
  - Capability inventory: The skill has the ability to perform state-changing operations such as `send-message`, `close-ticket`, and arbitrary API requests via `membrane request` (File: SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering of the text retrieved from the Avochato platform before it is processed by the agent.
Audit Metadata