pirate-weather
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the official Membrane CLI package (@membranehq/cli) via the npm registry to enable communication with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions utilize various membrane CLI commands for authentication, action management, and execution of weather data requests. These commands are localized to the tool's environment and intended functionality.
- [PROMPT_INJECTION]: The skill allows for the creation of new actions based on natural language descriptions, which represents an indirect prompt injection surface.
  - Ingestion points: The DESCRIPTION argument in the membrane action create command in SKILL.md.
  - Boundary markers: No specific delimiters are defined in the instructions for the description input to prevent the agent from obeying instructions embedded in user data.
  - Capability inventory: The skill has the ability to run these generated actions via membrane action run.
  - Sanitization: Processing and validation of these descriptions are performed server-side by the Membrane platform.
Audit Metadata