chatbotkit
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry to facilitate interaction with the platform. - [COMMAND_EXECUTION]: Various CLI commands using the
membranetool are documented for managing connections, searching for actions, and interacting with the ChatBotKit API. - [DATA_EXFILTRATION]: While the skill retrieves data from external sources (ChatBotKit), it does so through an authenticated proxy managed by the vendor, which aligns with its primary purpose of data management.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes data from ChatBotKit conversations and datasets; however, it includes security best practices such as avoiding manual credential handling.
Audit Metadata