uchat
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to interact with Uchat APIs. This includes administrative tasks like `membrane login` and `membrane connect`, as well as operational tasks like `membrane action run` and `membrane request` for proxying API calls. These commands are standard for the platform and originate from the skill's authoring vendor.
- [EXTERNAL_DOWNLOADS]: The skill requires the `@membranehq/cli` NPM package, which is the official tool provided by the vendor. It is used to facilitate secure communication and credential management for the integration.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external data from Uchat (e.g., messages and user records) entering the agent's context through `membrane action run` commands. In the current configuration, the skill does not specify explicit boundary markers or sanitization for this ingested content, though this is a standard design for API-driven chat integrations.