flyai
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it interpolates user-supplied data (such as search queries and destination names) into shell command arguments for the `flyai-cli` tool.
  - Ingestion points: User-provided search terms in `fliggy-fast-search.md`, `search-flight.md`, `search-hotels.md`, and `search-poi.md` (e.g., `--query`, `--origin`, `--dest-name`).
  - Boundary markers: Absent; there are no delimiters or specific instructions to the agent to ignore malicious commands embedded in the user's travel query.
  - Capability inventory: The skill performs shell command execution using the `node` runtime as specified in the `SKILL.md` metadata.
  - Sanitization: No explicit validation or escaping of input data is defined within the skill files before passing arguments to the CLI.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the `flyai-cli` command-line utility. This involves subprocess calls that pass user-influenced parameters to the shell.
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of the `@fly-ai/flyai-cli` package from the npm registry. This package originates from the author's official namespace and is consistent with the skill's stated purpose.
Audit Metadata