weather-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow runs scripts/scripts/geocode.py and scripts/fetch_weather.py which call public APIs (Nominatim OpenStreetMap and Open-Meteo) and ingest their JSON (including Nominatim's user-contributed display_name/alternatives) to determine locations, forecasts, and follow-up actions, so untrusted third-party content is read and can influence the agent's decisions.