weathercli
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install an external binary via
go install github.com/pjtf93/weathercli/cmd/weathercli@latestand provides a link to binary releases athttps://github.com/pjtf93/weathercli/releases. These resources originate from an unverified third-party account ('pjtf93') not associated with the skill author ('sundial-org') or a trusted vendor list. - [COMMAND_EXECUTION]: The skill operates by invoking a local binary
weathercli. If the binary installed from the unverified source is malicious, it could lead to full system compromise upon execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and shell command injection. User-supplied input for the
<location>variable is placed directly into a shell execution string. - Ingestion points: Location strings used in
current,forecast, andsearchcommands. - Boundary markers: The commands wrap the location in double quotes in examples, but this does not prevent injection via subshells (e.g.,
$(...)) or quote-breaking characters. - Capability inventory: The skill documentation shows the agent executing shell commands with user-controlled parameters.
- Sanitization: No input validation or character escaping is specified to mitigate command injection risks.
Audit Metadata