stein

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (@membranehq/cli) from the public npm registry. This is an expected tool provided by the vendor for interacting with their platform.
  • [COMMAND_EXECUTION]: The skill uses shell commands via the membrane CLI to perform operations such as logging in, creating connections, and running actions. These commands are used according to the vendor's intended integration workflow.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted data from external spreadsheets.
      ◦ Ingestion points: Data returned from Stein actions via membrane action run, as described in SKILL.md.
      ◦ Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided for processed spreadsheet data in the current documentation.
      ◦ Capability inventory: The agent can execute shell commands via the Membrane CLI and create new actions on the platform (documented in SKILL.md).
      ◦ Sanitization: No explicit sanitization or filtering of the content retrieved from external spreadsheets is described.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 01:43 AM