restaurant-search

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands using the hpp CLI for restaurant searching and area resolution.
  • [EXTERNAL_DOWNLOADS]: The skill requires an external dependency, the hpp CLI, which is hosted on the author's GitHub repository (github.com/jackchuka/hpp). This is a vendor-owned resource required for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection and shell command injection through the interpolation of untrusted user data into command lines.
    • Ingestion points: User inputs for location names and keywords are directly inserted into bash commands in SKILL.md (e.g., hpp search --keyword "<text>").
    • Boundary markers: The skill instructions use double quotes for shell variables but lack explicit instructions for the agent to escape or ignore malicious instructions contained within those variables.
    • Capability inventory: The skill possesses the capability to execute arbitrary commands via the Bash tool.
    • Sanitization: There is no evidence of sanitization, validation, or escaping of user-provided content before it is used in a shell context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 11:59 AM