dashbotio
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents the installation of the official @membranehq/cli package from the npm registry, which is used to manage interactions with the Dashbot.io connector.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to execute commands such as login, connect, action run, and request, allowing the agent to manage conversational analytics data.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to integrations that ingest external API data into the agent context. * Ingestion points: Untrusted data from Dashbot.io enters the context via the output of membrane action run and membrane request commands in SKILL.md. * Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat API responses as untrusted data. * Capability inventory: The agent has the ability to execute shell commands via the membrane CLI and perform authenticated network requests to the Dashbot.io API. * Sanitization: The skill does not implement or describe any sanitization, validation, or escaping mechanisms for the data retrieved from external endpoints.
Audit Metadata