restack

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package globally via npm to enable integration logic. This is a vendor-provided tool from the skill author's organization.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI for operations including authentication, connector discovery, and executing API actions. These commands are necessary for the skill's primary functionality.
  • [SAFE]: Implements secure secret management by utilizing the Membrane platform as an authentication proxy, ensuring that API keys and tokens are never handled or stored locally by the agent.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing data retrieved from the Restack API.
    • Ingestion points: Data retrieved through membrane action run and membrane request commands.
    • Boundary markers: Absent; there are no specific markers used to delimit external data from agent instructions.
    • Capability inventory: The skill has the capability to execute shell commands via the membrane CLI.
    • Sanitization: No explicit sanitization or filtering of the API response data is implemented within the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 12:50 AM