chatwork
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage globally via npm. This package is an official tool provided by the skill's author to facilitate secure interactions with the Membrane platform.\n- [COMMAND_EXECUTION]: Executes various shell commands using themembraneCLI to manage user sessions, search for connectors, establish connections, and perform API operations on Chatwork.\n- [PROMPT_INJECTION]: The skill ingests untrusted data from Chatwork messages, which could potentially contain instructions designed to influence the agent's logic (Indirect Prompt Injection).\n - Ingestion points: API response data from message-related actions like
list-messagesandget-messagedocumented inSKILL.md.\n - Boundary markers: None identified in the skill instructions.\n
- Capability inventory: Shell command execution capabilities provided through the
membraneCLI across multiple actions inSKILL.md.\n - Sanitization: No sanitization, escaping, or validation of the retrieved message content is documented.
Audit Metadata