chattermill
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (@membranehq/cli) from the public npm registry. This is a legitimate tool provided by the skill's author for managing service integrations.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform administrative tasks such as logging in, connecting to Chattermill, and running pre-defined actions. These commands are standard for this integration's functionality and do not involve unauthorized privilege escalation.
- [PROMPT_INJECTION]: The skill processes customer feedback and survey data from Chattermill, which represents a potential surface for Indirect Prompt Injection.
- Ingestion points: feedback, surveys, and reviews data processed via 'membrane action run' (SKILL.md).
- Boundary markers: None explicitly mentioned in the skill text.
- Capability inventory: CLI command execution and network requests via 'membrane request' (SKILL.md).
- Sanitization: The skill relies on the official Membrane platform for data sanitization and execution safety.
Audit Metadata