weather
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
curlbinary to perform network requests. These commands are statically defined and target weather-related endpoints.\n- [EXTERNAL_DOWNLOADS]: The skill fetches weather information fromwttr.in, which is a well-known and reputable service for terminal-based weather reports.\n- [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the agent processes unverified data from a remote source.\n - Ingestion points: Data enters the context via the standard output of
curlrequests towttr.in.\n - Boundary markers: None. External output is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.\n
- Capability inventory: The skill is permitted to run subprocesses (
curl).\n - Sanitization: There is no evidence of validation or filtering applied to the remote data before it is presented to the agent.
Audit Metadata