The Agent Skills Directory

[SAFE]: The skill interacts exclusively with the official National Weather Service (NOAA) API (api.weather.gov), which is a well-known and trusted government service for weather data.- [SAFE]: No API keys, credentials, or authentication tokens are required for operation, eliminating the risk of credential exposure or hardcoded secrets.- [SAFE]: The execution environment is appropriately restricted via YAML frontmatter to limit network interactions primarily to the official weather.gov API domain.- [SAFE]: Code examples provided for Python, Node.js, and Bash use standard library components and well-known packages (like requests) without introducing unverified dependencies or remote code execution risks.- [PROMPT_INJECTION]: The skill processes external data from the NOAA API, creating a surface for indirect prompt injection. However, the risk is mitigated by the trusted status of the government data provider.
Ingestion points: API response bodies from api.weather.gov (documented in SKILL.md).
Boundary markers: Not specified for interpolation into agent prompts.
Capability inventory: Tool access includes Bash with curl, python, node, and jq (defined in SKILL.md).
Sanitization: No specific validation or escaping of API content is performed before processing.

noaa-weather