openweather-api-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): The skill possesses an indirect prompt injection vulnerability surface. • Ingestion points: External tool schemas and recommended execution plans are retrieved via RUBE_SEARCH_TOOLS (SKILL.md). • Boundary markers: Absent; there are no instructions or delimiters to isolate the agent from potentially malicious commands within the retrieved schemas. • Capability inventory: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH provide capabilities to execute varied API operations. • Sanitization: Absent; the skill does not specify any validation or sanitization for data returned by the search tool.
- [No Code] (SAFE): The skill is strictly documentation-based and does not package any Python, JavaScript, or binary executables.
Audit Metadata