aerisweather

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a global Node.js package (@membranehq/cli@latest) from the NPM registry to enable its functionality.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands via the membrane CLI tool, including logging in, connecting to services, and running actions.
  • [COMMAND_EXECUTION]: The membrane action create command implements dynamic execution by generating and building new code logic (actions) at runtime based on natural language descriptions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external weather data from the AerisWeather API and takes user-provided descriptions to generate executable actions.
      • Ingestion points: Weather data from AerisWeather APIs; intent strings in membrane action list; and descriptions in membrane action create (SKILL.md).
      • Boundary markers: The skill suggests using the --json flag to enforce structured data boundaries for machine readability.
      • Capability inventory: Subprocess execution of the membrane CLI and network operations via API connectors (SKILL.md).
      • Sanitization: The skill delegates authentication and connection management to the Membrane platform but does not explicitly define sanitization for the content of generated actions.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 29, 2026, 10:19 AM