chaport
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the @membranehq/cli package, which is an official tool provided by the vendor (membrane) for managing integrations.
- [COMMAND_EXECUTION]: It utilizes the membrane CLI to perform standard API operations such as listing visitors and sending messages. These commands are consistent with the skill's stated purpose.
- [CREDENTIALS_UNSAFE]: The skill adheres to security best practices by using a secure login flow (membrane login) and explicitly advising against the manual handling or hardcoding of API keys.
- [PROMPT_INJECTION]: The skill facilitates reading external data from Chaport (ingestion: membrane action run in SKILL.md), which represents an indirect prompt injection surface; however, it lacks autonomous execution capabilities (boundaries: none; capability: CLI network requests; sanitization: none).
Audit Metadata