landbot
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the "@membranehq/cli" package from the NPM registry, which is the official tool provided by the skill's author for interacting with the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses the "membrane" CLI to perform discovery, connection, and action execution tasks. These operations are essential for the integration's functionality and are performed through a managed platform.
- [PROMPT_INJECTION]: The skill retrieves and processes external data from Landbot, such as customer information and messages, which constitutes an indirect prompt injection surface. 1. Ingestion points: Output from Landbot actions like "list-customers" and "get-customer". 2. Boundary markers: No delimiters or "ignore instructions" warnings are used for the external data. 3. Capability inventory: The skill has the ability to run shell commands and make network requests. 4. Sanitization: No explicit filtering or validation of external content is described in the instructions.
Audit Metadata