weather
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains instructions to read sensitive authentication data from a local file path at
~/.gooseworks/credentials.json. It specifically extracts anapi_keyandapi_baseusing inline Python scripts and exports them as environment variables. This constitutes credential exposure, especially as the stated purpose of the skill (weather) does not require these platform-level credentials. - [COMMAND_EXECUTION]: The skill relies on shell command execution via
curlandpython3to perform its tasks. Whilecurlis used for legitimate weather APIs (wttr.in and open-meteo.com), thepython3calls are used to programmatically parse local credential files, which is a sensitive operation.
Recommendations
- AI detected serious security threats
Audit Metadata