caiyun-weather

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow and code (scripts/query_weather.py and SKILL.md) fetch and ingest live data from the public Caiyun API (GET https://api.caiyunapp.com/v2.6/{API_KEY}/{lon},{lat}/weather) and explicitly instruct the agent to read and summarize fields like result.forecast_keypoint and result.hourly.description, meaning untrusted third-party text from the API can directly influence the agent's outputs and behavior.