travel-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The installation instructions point to an untrusted GitHub repository (
github.com/barneyjm/camino-skills), which is not among the verified organizations listed in the security policy. - DATA_EXFILTRATION (LOW): The skill sends user-provided locations and descriptions to an external domain (
api.getcamino.ai). While this is the primary function of the skill, it constitutes a data exit point to a non-whitelisted domain. - PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection as it ingests untrusted JSON data that is subsequently processed by the agent.
- Ingestion points: Command-line JSON argument in
scripts/travel-planner.sh. - Boundary markers: Absent.
- Capability inventory: Network access via
curland JSON parsing viajq. - Sanitization: Validates JSON format via
jqbut does not sanitize the string content of fields like 'purpose'. - COMMAND_EXECUTION (SAFE): Shell commands in the script are properly quoted and validated, effectively preventing basic command injection vulnerabilities.
- CREDENTIALS_UNSAFE (SAFE): The skill follows best practices by requiring the
CAMINO_API_KEYto be set via environment variables rather than hardcoding credentials.
Audit Metadata