stockly
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally from the npm registry. This is the official command-line interface provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill functions by executing various shell commands via the
membraneCLI to authenticate, search for actions, and interact with the Stockly API. This is the primary intended mechanism for the skill's operation. - [PROMPT_INJECTION]: The skill processes data retrieved from the Stockly API. While this creates a surface for indirect prompt injection if the external data contains instructions, the skill recommends using structured pre-built actions which reduces the risk of malicious payload execution.
Audit Metadata