Skills
skills/agairola/life-skills/air-quality/Gen Agent Trust Hub

air-quality

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a local Python script scripts/air_quality.py using uv run to perform data retrieval and location processing.
  • [EXTERNAL_DOWNLOADS]: The script depends on the httpx library, which is a standard package for making HTTP requests.
  • [DATA_EXFILTRATION]: The script performs network requests to data.airquality.nsw.gov.au for air quality data and uses ip-api.com and openstreetmap.org for geolocation services. Additionally, it initiates a local web server on a random port to capture user-consented browser geolocation data.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection due to its data ingestion pattern. 1. Ingestion points: Data is fetched from the external NSW Air Quality API. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are included in the script's output. 3. Capability inventory: The skill utilizes the Bash and Read tools. 4. Sanitization: The script does not perform textual sanitization or validation of the content retrieved from the external API to prevent potential instruction injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 06:59 AM