stackshare

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform various tasks including authentication (membrane login), connection management (membrane connect), and running specific actions (membrane action run).
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the NPM registry, which is the official tool provided by the vendor for managing integrations.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill processes content from the StackShare API.
      ◦ Ingestion points: Data enters the agent's context through the membrane action run and membrane request commands (SKILL.md).
      ◦ Boundary markers: No delimiters or 'ignore' instructions are specified for handling data returned from the API.
      ◦ Capability inventory: The skill can execute shell commands via the membrane CLI tool (SKILL.md).
      ◦ Sanitization: There is no mention of sanitizing or validating the output from StackShare before it is processed by the agent.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 08:10 PM