openweather-api

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package globally using npm to facilitate communication with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI and npx to execute commands for session management, connection status polling, and API action execution.
  • [DATA_EXFILTRATION]: Indirect prompt injection attack surface identified (Category 8). The skill ingests untrusted data from the external OpenWeather API which is then processed by the agent.
      • Ingestion points: API responses from OpenWeather endpoints (e.g., weather forecasts, air pollution data) as described in SKILL.md.
      • Boundary markers: None present; the skill does not instruct the agent to use specific delimiters or ignore instructions within the API response.
      • Capability inventory: The skill allows subprocess execution of the membrane CLI and proxy network requests through membrane request (SKILL.md).
      • Sanitization: No explicit sanitization or validation of the external API content is defined in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:27 PM