flight
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill is composed entirely of markdown instructions and contains no shell scripts, Python code, or other executable components. No direct execution risk exists within the provided file.
- [Indirect Prompt Injection] (LOW): The skill directs the agent to retrieve and process information from external sources (airline and airport portals). This creates an attack surface for indirect prompt injection, where malicious instructions hidden on those websites could influence the agent. However, as the skill provides no specialized tools for file manipulation, command execution, or network exfiltration, the impact of such an attack is restricted to the local context of the conversation.
Audit Metadata