sydney-traffic

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches real-time traffic incident and roadwork data from the official Transport for NSW Open Data API (api.transport.nsw.gov.au).
  • [EXTERNAL_DOWNLOADS]: Uses well-known external services for location resolution, specifically OpenStreetMap's Nominatim and ip-api.com.
  • [COMMAND_EXECUTION]: The traffic.py script starts a temporary local HTTP server on 127.0.0.1 and opens the system's web browser to acquire high-accuracy location coordinates from the browser's Geolocation API.
  • [PROMPT_INJECTION]: The skill processes external data from the TfNSW API, which introduces an indirect prompt injection surface.
    • Ingestion points: Traffic incident headlines, road names, and advice strings are ingested from the TfNSW hazards API in scripts/traffic.py.
    • Boundary markers: Output formatting does not include clear delimiters or safety instructions to distinguish API-provided text from agent commands.
    • Capability inventory: The skill uses tools with Bash, Read, and Write capabilities, representing a significant capability surface.
    • Sanitization: No sanitization or safety-specific filtering is applied to the text content retrieved from the traffic API.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 06:59 AM