travel-companion

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run the @aizzie/cli package using npx. This results in the execution of code fetched from the NPM registry at runtime.
    • Evidence: Commands such as npx @aizzie/cli@latest docs in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: By specifying the @latest version tag, the skill downloads unpinned code. This allows the package maintainer to alter the executed code at any time without a change to the skill file itself, presenting a supply chain risk.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands to interact with the Aizzie service, including loading references and executing subcommands with user-provided trip data.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by dynamically loading its own documentation and workflow instructions from an external package.
    • Ingestion points: Output from npx @aizzie/cli docs (SKILL.md).
    • Boundary markers: Absent; the agent is told to "load the full CLI reference" directly into its context.
    • Capability inventory: Full shell execution capabilities via npx and CLI subcommands.
    • Sanitization: None; the agent processes the external documentation output as authoritative instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 25, 2026, 02:27 PM