norikae-guide
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (`scripts/fetch_norikae_routes.py` and `scripts/build_norikae_url.py`) using `python3` to handle route planning logic and data retrieval.
- [EXTERNAL_DOWNLOADS]: The skill connects to `transit.yahoo.co.jp` to fetch live train route information. This is a well-known transportation service in Japan.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external web content and presents it to the agent.
  - Ingestion points: External HTML/text content is ingested via `scripts/fetch_norikae_routes.py` (line 197).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the skill's workflow when processing fetched data.
  - Capability inventory: The skill possesses network access and the ability to execute its own local scripts.
  - Sanitization: Content is passed through `strip_noise` (to remove scripts and styles) and `html_to_text` functions before being processed by the agent.
- [DATA_EXFILTRATION]: The fetch script includes a `--url` argument that allows fetching from any provided URL. This presents a Server-Side Request Forgery (SSRF) risk where the agent could be tricked into accessing internal services or metadata endpoints if a malicious URL is supplied.
Audit Metadata