weather
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill fetches data from public weather APIs (wttr.in and open-meteo.com). Although these domains are not on the trusted whitelist, they are legitimate services required for the skill's primary function and no sensitive data is exfiltrated.
- COMMAND_EXECUTION (SAFE): Uses the
curlutility to access weather information. No command injection, unauthorized file system manipulation, or privilege escalation patterns were found. - INDIRECT_PROMPT_INJECTION (SAFE): The skill processes content from external sources which constitutes a potential attack surface.
- Ingestion points: Output from
curlcommands inSKILL.md. - Boundary markers: None present.
- Capability inventory: Reading and displaying text/JSON weather results.
- Sanitization: None provided. Despite the surface, the risk is negligible given the specific use case and trusted nature of the APIs.
Audit Metadata