context
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions (SKILL.md) recommend downloading and executing code from an untrusted GitHub repository (`github.com/barneyjm/camino-skills`) using `npx skills add` and `clawhub`. This source is not on the trusted organization or repository list.
- [DATA_EXFILTRATION] (LOW): The script `scripts/context.sh` transmits user-provided location data and an API key (CAMINO_API_KEY) to an external domain (api.getcamino.ai). This domain is not on the pre-approved whitelist for exfiltration analysis.
- [COMMAND_EXECUTION] (SAFE): The shell script uses `curl` and `jq` with properly quoted variables ("$INPUT"), which prevents common shell injection vulnerabilities when handling the JSON payload.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a data ingestion surface via command-line arguments.
  - Ingestion points: The `scripts/context.sh` script accepts arbitrary JSON input.
  - Boundary markers: None present in the script or instructions.
  - Capability inventory: Limited to network requests via `curl` and JSON processing via `jq`.
  - Sanitization: The script performs basic JSON validation using `jq empty` before processing.