Skills
skills/agairola/fuel-pricing-skill/sydney-tolls/Gen Agent Trust Hub

sydney-tolls

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs dynamic context injection in the SKILL.md file to verify the presence of the uv package manager on the host system during skill initialization.
  • [DATA_EXFILTRATION]: Performs network requests to the OpenStreetMap Nominatim API to geocode origin and destination place names for route toll calculations.
  • [EXTERNAL_DOWNLOADS]: Declares a runtime dependency on the httpx Python package, which is automatically fetched and installed by the uv tool.
  • [PROMPT_INJECTION]: Processes external data from the Nominatim API, creating a surface for indirect prompt injection.
  • Ingestion points: Nominatim API JSON response in scripts/tolls.py
  • Boundary markers: Absent
  • Capability inventory: System shell access via Bash and file system access via Read tools
  • Sanitization: The script extracts specific expected fields like coordinates and address components from the API response
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 01:33 AM