weather

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a message prefix marker ([channel:telegram]) to conditionally change its formatting logic. Because this marker is part of the input text, it can be spoofed by users to manipulate the agent's output behavior.
  • [DATA_EXFILTRATION]: The skill retrieves external data using the WebFetch tool.
    • Evidence: Fetches forecast data from https://forecast.weather.gov/zipcity.php?inputstring=New+Canaan%2CCT.
    • Context: The request targets a well-known government service and is required for the skill's primary function.
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted data from an external website, creating a surface for indirect prompt injection.
    • Ingestion points: Forecast data from forecast.weather.gov (SKILL.md).
    • Boundary markers: Absent; there are no instructions to the agent to distinguish fetched data from its own instructions.
    • Capability inventory: WebFetch is used to retrieve data; the agent processes this data to generate a user-facing response.
    • Sanitization: No validation or sanitization of the external content is specified before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 03:16 PM