weather
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill performs network requests via
curlto non-whitelisted domains (wttr.inandapi.open-meteo.com). While functional for weather retrieval, these represent external communication channels. - Indirect Prompt Injection (INFO): The skill ingests untrusted data from external sources. Ingestion points: External API responses. Boundary markers: Absent. Capability inventory: Limited to
curlfor data retrieval; no high-privilege write or execute capabilities. Sanitization: None detected. The risk is limited to displaying potentially misleading or malicious text/ANSI content. - Command Execution (LOW): The skill executes
curlcommands, including an example that writes a file to/tmp/weather.png. This is a standard low-privilege operation for temporary file storage.
Audit Metadata