travel-promos-argentina

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE

EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill makes network requests to 'https://anduin.ferminrp.com', which is a third-party domain not included in the trusted sources list.
  • COMMAND_EXECUTION (LOW): The skill uses 'curl' and 'jq' to retrieve and manipulate remote data. Although these are standard utilities, their use with untrusted remote content carries a minor risk.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes external API data without explicit sanitization or boundary markers.
    ● Ingestion points: JSON data from 'https://anduin.ferminrp.com/api/v1/promos' fetched via curl.
    ● Boundary markers: Absent (no instructions to the agent to ignore embedded commands in the travel promos).
    ● Capability inventory: The skill utilizes 'curl' and 'jq' for data processing.
    ● Sanitization: Absent (no filtering or escaping of the 'title' or 'id' fields is performed before presentation).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 12:50 PM