stack-ai
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI to manage connections and execute actions against the Stack AI API.
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool from the npm registry.
- [PROMPT_INJECTION]: The skill processes data from external API responses, creating a surface for indirect prompt injection. Ingestion points: Results from 'membrane action run' and 'membrane request' commands. Boundary markers: None present in instructions. Capability inventory: Shell command execution via the 'membrane' CLI. Sanitization: Not explicitly specified in the instructions.
- [SAFE]: The skill adheres to security best practices by delegating credential management to a managed service and avoiding the use of hardcoded secrets or direct API key requests.
Audit Metadata