memberstack-cli
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill uses `npx memberstack-cli` to execute commands. While this involves downloading the package from the NPM registry, it is the standard method for using the tool and is managed via a controlled wrapper script.
- INDIRECT_PROMPT_INJECTION (LOW): The skill identifies data returned from the Memberstack API (such as member names or record content) as untrusted user-generated content. It mitigates this via a wrapper script (`run_memberstack.py`) that implements:
  - Ingestion points: CLI output from `memberstack-cli` and reference content from `search_references.py`.
  - Boundary markers: output is wrapped in `--- BEGIN MEMBERSTACK CLI OUTPUT ---` markers.
  - Capability inventory: the agent can execute Memberstack CLI commands via `subprocess.run` (without `shell=True`).
  - Sanitization: a regex-based sanitizer (`_INJECTION_RE`) checks for and removes common prompt-injection patterns (e.g., "ignore previous instructions") from the output and documentation before the agent processes it.
- CREDENTIALS_UNSAFE (SAFE): The skill proactively blocks attempts to access local authentication files (e.g., `~/.memberstack/auth.json`) by checking command arguments in the wrapper script and by explicitly forbidding the agent from reading these files in the `SKILL.md` instructions.
- COMMAND_EXECUTION (SAFE): Command execution is restricted to the specific Memberstack CLI utility through a Python wrapper that validates arguments against sensitive file paths and enforces a confirmation step for destructive commands.
Audit Metadata