weather
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
curlto perform HTTP requests for weather data and to save image files to temporary directories (e.g.,/tmp/weather.png). This behavior is consistent with its stated purpose. - [EXTERNAL_DOWNLOADS]: Fetches weather data from well-known services including
wttr.inandapi.open-meteo.com. These are recognized public APIs for weather information. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external web services.
- Ingestion points: Output from
curlrequests towttr.inandapi.open-meteo.comis processed by the agent. - Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands within the weather data.
- Capability inventory: The skill is configured to use
curlfor network requests. - Sanitization: There is no evidence of sanitization or schema validation for the data returned by the external APIs.
Audit Metadata