weather
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): Uses
curlto fetch data fromwttr.inandapi.open-meteo.com. While these are external domains, they are reputable public APIs and their use is consistent with the skill's primary purpose. No remote code execution patterns detected. - COMMAND_EXECUTION (SAFE): Utilizes
curlfor network requests as defined in the metadata. No instances of piping output to a shell or executing arbitrary commands were found. - DATA_EXFILTRATION (SAFE): No sensitive local data, environment variables, or hardcoded credentials are accessed or transmitted. The network activity is limited to fetching weather information.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes data from external APIs.
- Ingestion points: wttr.in and api.open-meteo.com.
- Boundary markers: Absent.
- Capability inventory: curl (network read), file-write to /tmp/weather.png.
- Sanitization: Absent.
- Risk assessment: While an upstream compromise could introduce malicious text into the agent's context, the lack of dangerous capabilities (like eval or file writing to sensitive system paths) makes the actual risk negligible.
Audit Metadata