trip-planner
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown documentation, configuration guides, and response templates. No executable scripts (Python, JavaScript, Bash) or configuration files that trigger code execution were found.
- PROMPT_INJECTION (SAFE): The instructional content focuses on the 'Assume first' logic for travel planning. There are no directives aimed at bypassing safety guardrails, revealing system prompts, or ignoring instructions.
- DATA_EXFILTRATION (SAFE): No evidence of commands or logic that access sensitive local files or transmit data to external servers was found. The configuration guide describes a local storage file for user travel preferences.
- Indirect Prompt Injection (INFO): A vulnerability surface exists via external web search results mentioned in the workflow. 1. Ingestion point: Web Search results (branding.md); 2. Boundary markers: Absent in templates; 3. Capability inventory: Display only (no code/scripts found); 4. Sanitization: Absent. The risk is negligible as the skill lacks executable side effects.
Audit Metadata