memberstack
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm. This is a vendor-owned tool required for the skill's core functionality. - [COMMAND_EXECUTION]: The skill executes various shell commands using the
membraneCLI, includingmembrane login,membrane connect, andmembrane action run. These commands involve network operations and authentication management. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where instructions could be embedded in the data retrieved from Memberstack or action definitions.
- Ingestion points: Data and schema definitions returned from
membrane action list,membrane action get, and the results ofmembrane action run. - Boundary markers: Absent. The skill instructions do not provide delimiters or warnings to the agent about treating tool outputs as untrusted data.
- Capability inventory: Global package installation (
npm install -g), authentication management (membrane login), and remote action execution (membrane action run) which can modify Memberstack state. - Sanitization: None. The agent is encouraged to use natural language intent to search and execute actions based on metadata returned from the CLI.
Audit Metadata