Skills
skills/membranedev/application-skills/comeet/Gen Agent Trust Hub

comeet

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from npm. This is a vendor-provided tool (owned by membranedev) used to facilitate the connection to the Comeet API and manage authentication.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from the Comeet API, which is an external source.
  • Ingestion points: Output from membrane action run commands (SKILL.md).
  • Boundary markers: Absent. The skill provides instructions on running actions but does not specify delimiters for wrapping the resulting data.
  • Capability inventory: The skill is limited to running actions via the Membrane CLI, which are pre-built or dynamically generated on the Membrane platform. No direct shell access or arbitrary code execution is present in the skill files.
  • Sanitization: Not specified; the skill relies on the agent to interpret structured JSON output from the CLI.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 07:59 AM