Skills
skills/alibaba-flyai/flyai-skill/flyai-travel-search/Gen Agent Trust Hub

flyai-travel-search

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the flyai-cli (specifically the @fly-ai/flyai-cli Node.js package) to perform travel-related searches for flights, hotels, and points of interest. These commands are invoked via a CLI interface and return structured JSON data for the agent to process.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the user to install the official vendor CLI tool using npm i -g @fly-ai/flyai-cli. This package belongs to the skill's author organization.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The tool optionally handles a FLYAI_API_KEY for service authentication, which is stored using a standard configuration command (flyai config set).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external search results from Fliggy services (hotels, flights, attractions) and displays them as Markdown. While this represents an external data ingestion surface, it is standard for travel search functionality and includes clear instructions on how to parse the structured JSON output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 09:29 AM