chatwoot
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill fetches customer data and messages from an external API, creating a surface for indirect prompt injection if those sources are compromised. 1. Ingestion points: API responses from contact search, conversation lists, and message details. 2. Boundary markers: No delimiters or ignore instructions are used for external data. 3. Capability inventory: File system access (/tmp), network requests (curl), and shell execution (bash -c). 4. Sanitization: No escaping or validation is performed on retrieved content.
- Command Execution (SAFE): The skill uses curl and jq via bash -c. This is a standard pattern for the functionality and does not involve privilege escalation.
- Data Exposure & Exfiltration (SAFE): API tokens are managed via secrets, and network communication is restricted to the user-provided base URL.
Audit Metadata