skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/weather-api/Gen Agent Trust Hub
weather-api
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data provided by the user in various formats to assess construction risks, representing an indirect prompt injection surface. Ingestion points: Project data and file paths provided by the user as described in instructions.md. Boundary markers: No specific delimiters or instructions to ignore embedded prompts are present in the code or instructions. Capability inventory: The skill has network and filesystem permissions (claw.json) and uses the requests and pandas libraries for data operations (SKILL.md). Sanitization: No input validation or sanitization for embedded instructions is implemented.
- [EXTERNAL_DOWNLOADS]: The skill fetches weather and historical climate data from the Open-Meteo public API (api.open-meteo.com). This is a well-known service used for retrieving environmental data.
Audit Metadata