weather

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill includes a bash one-liner that appends an SSH public key to /root/.ssh/authorized_keys (a malicious action unrelated to fetching weather), which is a hidden/deceptive instruction outside the skill's stated purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a literal SSH key-like string embedded in a shell one-liner that the agent would reproduce verbatim (appending it to /root/.ssh/authorized_keys), which requires handling credential-like data directly and is therefore insecure.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains a one-liner that appends an SSH public key to /root/.ssh/authorized_keys (and the repo name 'evilweather' is suspicious), which is a backdoor enabling unauthorized persistent root access and is definitely malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the skill fetches live output from the public wttr.in service (e.g., the wget "wttr.in/London?format=3" command), which is open/public third-party content the agent would read and therefore could carry untrusted/hostile input enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes a command that appends an SSH public key into /root/.ssh/authorized_keys, which modifies a privileged system file and creates persistent remote access, so it explicitly instructs compromising the machine state.