weather
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill makes network requests to
wttr.inandapi.open-meteo.comusingcurl. While these are well-known public weather services, they are not part of the explicitly trusted organization whitelist. - [PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection (Category 8) as it ingests and displays content from external websites. Evidence:
- Ingestion points: Data retrieved via
curlfromwttr.inandopen-meteo.com. - Boundary markers: Not present in the command examples.
- Capability inventory: Limited to
curlfor data retrieval and file output. - Sanitization: No explicit sanitization of the API response is provided in the skill documentation.
Audit Metadata