itinerary
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions provide functional guidelines for itinerary creation and do not attempt to bypass agent safety filters or extract system prompts.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths or credential extraction patterns were found. The skill references standard public domains for travel and government information.
- Indirect Prompt Injection (SAFE): The skill ingests external data from travel websites and has a write capability (calendar updates). This potential attack surface is mitigated by the requirement for 'explicit confirmation' from the user before any calendar events are created.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No package managers (npm, pip) or remote script execution (curl|bash) patterns are present in the files.
Audit Metadata