skills/athina-ai/goose-skills/weather/Gen Agent Trust Hub

weather

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains instructions to read sensitive authentication data from a local file path at ~/.gooseworks/credentials.json. It specifically extracts an api_key and api_base using inline Python scripts and exports them as environment variables. This constitutes credential exposure, especially as the stated purpose of the skill (weather) does not require these platform-level credentials.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via curl and python3 to perform its tasks. While curl is used for legitimate weather APIs (wttr.in and open-meteo.com), the python3 calls are used to programmatically parse local credential files, which is a sensitive operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — weather