textual
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates patterns for ingesting untrusted data from external sources and user input which could be exploited in an indirect prompt injection attack.
- Ingestion points: The
WeatherAppexample inreferences/examples.mdingests user input via theInputwidget and external data from thewttr.inAPI. - Boundary markers: No explicit delimiters or instructions are provided to the model to treat the external API response as untrusted data.
- Capability inventory: The skill examples use
httpxfor network requests andDirectoryTreefor local file system access. - Sanitization: The
fetch_weathermethod inreferences/examples.mdupdates the UI directly with theresponse.textfrom an external URL without sanitization. - [Data Exposure & Exfiltration] (LOW): Contains network operations targeting domains outside the predefined whitelist.
- Evidence:
references/examples.mdcontains aWeatherAppexample that useshttpxto perform a GET request tohttps://wttr.in.
Audit Metadata