journey

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [External Downloads] (MEDIUM): The documentation suggests installation using npx clawhub@latest and a specific GitHub repository, barneyjm/camino-skills. Neither the tool nor the repository is from a trusted organization or listed in the security guidelines, presenting a risk of unverifiable code execution during installation.
  • [Data Exfiltration] (LOW): The skill's primary function involves sending a user-provided CAMINO_API_KEY and journey waypoints to https://api.getcamino.ai. While necessary for the service, users should be aware of this data transfer to a non-whitelisted domain.
  • [Indirect Prompt Injection] (LOW): The skill processes external waypoint data and returns a 'summary' from the API. This creates a surface for Indirect Prompt Injection if the agent relies on this summary for subsequent decision-making.
      • Ingestion points: waypoints array in scripts/journey.sh.
      • Boundary markers: None identified in the script or instructions.
      • Capability inventory: Subprocess calls to curl and jq for network communication and data parsing.
      • Sanitization: Input is validated as JSON via jq, but internal string content is not sanitized.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:10 PM