pp-weather-goat

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of executable binaries and packages from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and the @mvanhorn NPM scope. These resources are part of the author's infrastructure.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for software installation (go install, npx) and to run the weather-goat-pp-cli tool to process weather queries.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver feature that allows the agent to route the command output to arbitrary external webhooks or local files. It also includes a feedback mechanism that can transmit data to a remote endpoint if configured.
  • [PROMPT_INJECTION]: The skill processes untrusted user input via the $ARGUMENTS variable to determine which CLI commands to execute.
    • Ingestion points: User input enters the agent context in the Argument Parsing section of SKILL.md.
    • Boundary markers: No delimiters or specific instructions are provided to the agent to treat user input as untrusted data.
    • Capability inventory: The skill uses the Bash tool for installation and CLI execution.
    • Sanitization: No input validation or sanitization routines are specified for the user-provided arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 07:22 PM