weather
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The provided skill consists solely of a markdown definition file (SKILL.md) and does not include any executable scripts, binaries, or configuration files that could hide malicious logic.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly requests the 'POLY_API_KEY' through environment variable gating ('gates.envs') rather than hardcoding sensitive information.
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest external data from NOAA and Polymarket APIs to make financial decisions.
- Ingestion points: Data from external NWS and Polymarket API responses.
- Boundary markers: Not specified in the markdown metadata.
- Capability inventory: Capability to execute financial bets ('/weather bet') and automated trading ('/weather auto').
- Sanitization: No explicit sanitization or validation of the external API content is mentioned in the documentation.
Audit Metadata