Weather Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill configuration.
- [NO_CODE]: The skill consists entirely of configuration and documentation (YAML and Markdown). No executable scripts or binary files are provided, significantly reducing the attack surface.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes external data from weather services and calendar events. This is a common design pattern for automation tools.
- Ingestion points: Weather data from weather-mcp tools and calendar event metadata in SKILL.md.
- Boundary markers: None identified in the workflow templates.
- Capability inventory: Actions include fetching weather data and sending notifications via Slack, SMS, or Home Assistant.
- Sanitization: The templates do not show explicit input sanitization or validation of the external data before use.
Audit Metadata