pp-open-meteo
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the
open-meteo-pp-clibinary from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and the@mvanhorn/printing-presspackage on NPM. These resources originate from the vendor's own infrastructure. - [REMOTE_CODE_EXECUTION]: Installation steps involve running
npxandgo install, which download and execute code from remote registries. These actions are standard procedures for installing the required tooling. - [COMMAND_EXECUTION]: The skill operates by executing the
open-meteo-pp-clibinary via the shell to perform weather-related operations. - [PROMPT_INJECTION]: The skill processes data from the Open-Meteo API, which represents an indirect prompt injection surface. The risk is assessed as safe given the structured and non-adversarial nature of weather metrics.
- Ingestion points: Open-Meteo API response data processed by the CLI tool as described in SKILL.md.
- Boundary markers: No specific delimiters or 'ignore' instructions for the agent are defined for the API data.
- Capability inventory: The CLI includes commands that can write output to local files or remote webhooks using the
--deliverflag. - Sanitization: No explicit sanitization or validation of the external API data is mentioned before processing.
Audit Metadata