Skills
skills/vikiboss/60s-skills/weather-query/Gen Agent Trust Hub

weather-query

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from an external API and interpolates it into the agent's output.
  • Ingestion points: Weather data is ingested from https://60s.viki.moe/v2/weather/realtime and https://60s.viki.moe/v2/weather/forecast as defined in SKILL.md.
  • Boundary markers: The prompt construction examples do not utilize delimiters (e.g., XML tags or triple quotes) or specific instructions to prevent the agent from obeying instructions that might be embedded in the API response.
  • Capability inventory: The skill uses requests.get and curl to perform network operations, but it does not have the capability to write to the filesystem or execute arbitrary commands.
  • Sanitization: No sanitization or validation logic is present to filter the content of the API response before it is used to generate the final response to the user.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to https://60s.viki.moe to fetch weather information. This domain is consistent with the author's infrastructure (vikiboss) and is essential for the skill's primary weather-reporting functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 06:59 AM