Stackshare

The skill instructions in SKILL.md require the agent to perform high-risk actions, including installing a global npm package (@membranehq/cli), executing shell commands, and making network requests. While these actions are aligned with the stated purpose of integrating with StackShare via the Membrane platform, the reliance on shell execution and external network access constitutes a risky capability set. Additionally, the instructions for running actions with JSON input could lead to shell injection vulnerabilities if the agent fails to sanitize user-provided parameters.