hotel-finder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is installed from 'github.com/barneyjm/camino-skills' and via 'clawhub', neither of which are on the trusted sources list. This represents an unverifiable dependency and installation path.
- DATA_EXFILTRATION (LOW): The skill communicates with the non-whitelisted domain 'api.getcamino.ai'. User queries are sent to this domain, and the trial setup instructions involve sending user emails to this external service.
- PROMPT_INJECTION (LOW): The skill ingests AI-generated summaries from an external API, creating a surface for indirect prompt injection (Category 8). There are no boundary markers or sanitization procedures for the 'answer' field returned by the API. Evidence Chain: 1. Ingestion: API response from api.getcamino.ai. 2. Boundaries: Absent. 3. Capability: The script performs network calls and outputs data. 4. Sanitization: None detected.
Audit Metadata