Aviation Agent

The skill bundle is benign. The `SKILL.md` provides clear, non-malicious instructions for the AI agent to use the `scripts/metar.py` script and read local reference markdown files. The `scripts/metar.py` script safely fetches aviation weather data from `aviationweather.gov` using `urllib.request`, incorporating robust input validation (`validate_icao`) and a critical domain whitelist check (`ALLOWED_DOMAINS`) to prevent Server-Side Request Forgery (SSRF) and other network-based attacks. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the agent to subvert its intended purpose.