aerisweather
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' Node.js package. This is a recognized vendor resource from the author 'membranedev' used to facilitate integration with the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes 'membrane' CLI commands to manage user authentication, search for weather actions, and perform API requests. These commands are part of the intended functionality for interacting with the service.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves and processes external weather data. * Ingestion points: Data is retrieved through the 'membrane action run' and 'membrane request' commands mentioned in SKILL.md. * Boundary markers: No specific boundary markers or instructions to ignore embedded content are present in the skill documentation. * Capability inventory: The skill uses 'membrane' CLI commands to perform network requests and data retrieval as documented in SKILL.md. * Sanitization: No explicit sanitization or filtering of the external API responses is described.
Audit Metadata