journey
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the Journey registry. * Ingestion points: Kit definitions and installation metadata fetched from https://www.journeykits.ai/api/kits/. * Boundary markers: No explicit markers are used to delimit registry content. * Capability inventory: Shell command execution and file writing. * Sanitization: No validation of the remote content is specified.
- [REMOTE_CODE_EXECUTION]: The skill fetches shell commands from the Journey API for pre-installation setup and verification.
- [COMMAND_EXECUTION]: The installation process requires running shell commands provided by the remote registry.
- [DATA_EXFILTRATION]: The skill communicates with the vendor's registry to retrieve installation instructions and kit metadata.
Audit Metadata