tawkto
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from npm. This is the official command-line interface for the Membrane platform and is a trusted resource from the vendor.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to perform tasks such as `membrane login`, `membrane search`, `membrane connect`, and `membrane action run`. These commands are standard for managing integrations and executing actions within the Membrane ecosystem.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it retrieves data from Tawk.to.
  - Ingestion points: External data from Tawk.to (e.g., chat messages, visitor details, tickets) enters the agent context through `membrane action run` and `membrane request` as described in `SKILL.md`.
  - Boundary markers: The instructions do not specify any delimiters or 'ignore embedded instructions' warnings for the data being processed.
  - Capability inventory: The skill utilizes subprocess calls to the `membrane` CLI to interact with external APIs and services.
  - Sanitization: There is no mention of sanitization, filtering, or validation of the retrieved Tawk.to content before it is processed by the agent.
Audit Metadata