route-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill scrapes trip reports and route descriptions from external websites, which could theoretically contain malicious instructions designed to manipulate the LLM's report generation process.
  - Ingestion points: cloudscrape.py, fetch_weather.py, and fetch_avalanche.py retrieve data from external domains like Mountain-Forecast and NWAC.
  - Boundary markers: The provided tool scripts do not implement specific delimiters or warnings to the LLM to ignore instructions within the scraped content.
  - Capability inventory: Scraped content is processed by multiple agents (Researcher and Report Writer) to synthesize information and generate a final report.
  - Sanitization: No explicit sanitization or filtering of the fetched web content is performed within the Python components.
- Command Execution (SAFE): The skill uses subprocess calls to execute local Python scripts and modular tools (e.g., peakbagger-cli), which is consistent with its stated architectural purpose.
- Data Privacy (SAFE): No evidence of hardcoded credentials, sensitive file access, or data exfiltration to suspicious domains was found.
Audit Metadata