beanstalk
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [METADATA_POISONING]: The description in the YAML frontmatter incorrectly lists CRM entities such as 'Deals' and 'Leads' as manageable objects, which is inconsistent with the skill's actual function of managing Beanstalk Git repositories.
- [EXTERNAL_DOWNLOADS]: The instructions direct the user to install the @membranehq/cli package via npm. This package is an official tool provided by the skill's vendor.
- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to perform administrative tasks on the Beanstalk account, including repository and user creation or deletion.
- [DATA_EXFILTRATION]: The skill accesses and retrieves repository data, commit logs, and user account information from the Beanstalk service.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted external data that could contain instructions and possesses high-privilege capabilities.
- Ingestion points: list-changesets, get-code-review, and list-repositories (SKILL.md).
- Boundary markers: None identified in the instructions.
- Capability inventory: create-repository, delete-repository, create-user, and delete-user (SKILL.md).
- Sanitization: No sanitization or validation logic is specified for the ingested content.
Audit Metadata