helpspace
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves and processes untrusted data from Helpspace.
- Ingestion points: Untrusted data enters the agent context via actions such as
list-tickets,get-ticket,list-ticket-messages, andlist-customersinSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present to isolate external content from system instructions.
- Capability inventory: The skill has the capability to run shell commands (
membrane action run) and make network requests (membrane request) based on processed data. - Sanitization: No input validation or content sanitization is described for the data retrieved from the Helpspace API.
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to interact with Helpspace, including commands for authentication, connection management, and executing API actions. This is the intended behavior for this integration. - [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the
@membranehq/clipackage globally via npm. This is a vendor-owned package from the author (membranedev) required for the skill's operation.
Audit Metadata