weather
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The script
weather_tool.pyperforms network requests toapi.open-meteo.comandgeocoding-api.open-meteo.com. These are external domains not included in the pre-approved trust whitelist. - [INDIRECT_PROMPT_INJECTION] (INFO): The skill displays content directly from an external API, creating a surface for indirect prompt injection. 1. Ingestion points: JSON responses from the Open-Meteo API in
weather_tool.py. 2. Boundary markers: None present. 3. Capability inventory: Limited to console output viaprint()statements. No file-write, command-execution, or network-write capabilities identified. 4. Sanitization: The tool parses structured JSON but does not sanitize the string values (e.g., city names, weather descriptions) before outputting them to the agent context.
Audit Metadata