stackstate
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install and use the @membranehq/cli package from NPM. This is the official command-line interface provided by the skill's author to manage integrations.
- [COMMAND_EXECUTION]: Various shell commands using the membrane CLI are used to search for connectors, list actions, and execute integration workflows. These operations are consistent with the skill's described purpose of observability platform management.
- [SAFE]: The skill explicitly promotes security best practices by advising the agent to use managed connections instead of requesting raw API keys or tokens from the user, effectively reducing the risk of credential exposure.
- [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes data from external API responses and action schemas.
  - Ingestion points: Data retrieved from StackState API endpoints and action metadata retrieved via the membrane CLI (SKILL.md).
  - Boundary markers: Absent; the instructions do not specify delimiters for external data.
  - Capability inventory: Subprocess execution via the membrane CLI (SKILL.md).
  - Sanitization: Not specified; the skill relies on the CLI's standard output handling.
Audit Metadata