gupshup
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is a vendor-owned resource belonging to the Membrane platform and is used for secure API interaction. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations such as logging in, connecting to Gupshup, and executing actions like sending messages. These commands are part of the intended functionality of the integration. - [PROMPT_INJECTION]: The skill facilitates interaction with Gupshup, which involves processing external messaging data. This creates an indirect prompt injection surface.
- Ingestion points: External data is ingested through
membrane action runandmembrane request(e.g., retrieving message templates or business details). - Boundary markers: The instructions do not define specific boundary markers for separating retrieved data from agent instructions.
- Capability inventory: The skill includes capabilities to send various message types (text, media, stickers) through the Gupshup API.
- Sanitization: No explicit sanitization or filtering of the external data is performed within the skill definition.
Audit Metadata