memberstack-admin-api
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION | NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of Markdown documentation and reference files. It does not include executable scripts, binaries, or configuration files that would require runtime execution.
- [Data Exfiltration] (LOW): The skill facilitates network requests to `admin.memberstack.com`. While this is the legitimate endpoint for the Memberstack service, the domain is not included in the predefined whitelist of trusted domains. No access to sensitive local files was detected, and the skill provides secure guidance for handling API keys.
- [Prompt Injection] (LOW): The skill describes the processing of external, untrusted data from the Memberstack API, which presents a surface for indirect prompt injection.
  - Ingestion points: Member metadata, custom fields, and data table records retrieved via API endpoints (documented in `references/memberstack-member-actions.md` and `references/memberstack-data-tables.md`).
  - Boundary markers: The skill does not recommend the use of delimiters or specific instructions to isolate API-sourced data from the agent's control logic.
  - Capability inventory: The agent is guided on how to perform destructive and state-changing operations, such as deleting members or updating database records, based on the data it retrieves.
  - Sanitization: No explicit sanitization or validation logic is provided for the data returned by the API before it is processed by the agent.
Audit Metadata