weather
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill allows the use of
curlorwgetto fetch raw content when web search tools fail. While the primary intent is fetching "public content," this capability creates a surface for Server-Side Request Forgery (SSRF) if the agent is directed to request internal or malicious URLs. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8c) because it reads and processes untrusted data from external websites.
- Ingestion points: External weather data and web pages retrieved via web search tools or
curl/wgetas specified inSKILL.md. - Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the fetched data.
- Capability inventory: Command execution (
curl,wget), web search, and web reading across the toolset. - Sanitization: Absent; the skill lacks explicit logic to sanitize or filter the content of the retrieved weather reports.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references and downloads data from external domains. Several of these are recognized authoritative weather sources (e.g.,
weather.gov,nmc.cn), which qualifies for a severity downgrade under the [TRUST-SCOPE-RULE] for those specific references.
Audit Metadata