travel-companion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection where malicious instructions embedded in web pages could influence the agent.
  - Ingestion points: Web content retrieved via `snapshot` from TikTok, Instagram, and Eventbrite (SKILL.md, references/browser.md).
  - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions within the retrieved data.
  - Capability inventory: The agent can navigate the web, capture page content, and send emails through the `AgentMail` API (references/agentmail.md).
  - Sanitization: Absent. There is no mention of filtering or validating external content before it is processed by the LLM or included in outbound emails.
- [Data Exfiltration] (LOW): The skill communicates with `api.agentmail.to`, a non-whitelisted external domain. While this is used for the primary purpose of sending itineraries, the combination of web reading and email sending capabilities presents a potential path for data exfiltration if the agent is manipulated.
Audit Metadata