places
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions utilize npx to fetch and execute code from an untrusted third-party repository (github.com/barneyjm/camino-skills) and non-standard hubs (clawhub).
- [COMMAND_EXECUTION] (LOW): The skill executes a local bash script (scripts/places.sh) which uses curl and jq to interact with external services.
- [DATA_EXFILTRATION] (LOW): User search queries and the CAMINO_API_KEY are transmitted to api.getcamino.ai. While functional for the skill, the destination domain is not on the trusted sources list.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests and processes data from an external API without boundary markers. Evidence:
  1. Ingestion points: API response content returned to the agent in scripts/places.sh.
  2. Boundary markers: Absent.
  3. Capability inventory: curl, jq, and access to environment variables.
  4. Sanitization: None.