applicantstack
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the
@membranehq/clipackage from the NPM registry. This is a vendor-owned resource used for the integration.\n- [COMMAND_EXECUTION]: The skill uses themembraneCLI to perform various authenticated API operations, such as listing actions and running requests. This is the intended behavior of the integration.\n- [PROMPT_INJECTION]: The skill creates an ingestion surface for indirect prompt injection by fetching and processing data from the ApplicantStack tracking system.\n - Ingestion points: Data is ingested through commands like
membrane action runandmembrane requestdocumented inSKILL.md.\n - Boundary markers: The documentation lacks instructions for the agent to use boundary markers or to treat the external data as potentially untrusted.\n
- Capability inventory: The skill allows the agent to execute commands and perform network operations using the
membraneCLI.\n - Sanitization: No sanitization or validation logic is specified for the data retrieved from the ApplicantStack API.
Audit Metadata