threat-stack
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the official npm registry. This is a standard procedure for using the vendor's command-line interface to manage integrations. - [COMMAND_EXECUTION]: The skill uses shell commands via the
membraneCLI to authenticate users, list connections, and execute actions. These commands are restricted to the functionality provided by the Membrane platform. - [DATA_EXPOSURE]: The skill processes security data from Threat Stack, including alerts and observations. The instructions follow best practices by delegating credential management to the Membrane platform rather than handling secrets locally.
- [REMOTE_CODE_EXECUTION]: The
membrane action createcommand allows for the dynamic generation of integration logic based on natural language descriptions. This behavior is a core feature of the Membrane platform for building automated workflows.
Audit Metadata