User-controlled placeholder is embedded directly into generated source code.
Critical
- Code
- suspicious.generated_source_template_injection
- Location
- SKILL.md:83
Security audit
Security checks across malware telemetry and agentic risk
This is a straightforward WeatherAPI.com helper that requires the user’s own API key and shows no hidden installation, persistence, or destructive behavior.
Install this only if you are comfortable sending weather locations to WeatherAPI.com and storing a WeatherAPI key locally. Avoid sharing config or troubleshooting output that may reveal the key, and ensure any adapted location query is URL-encoded.
44/44 vendors flagged this skill as clean.
Detected: suspicious.generated_source_template_injection