cancel-booking
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs a shell command using npx that incorporates user-provided inputs (bookingId, lastName, email). This creates a surface for indirect prompt injection or command injection.
- Ingestion points: User parameters are interpolated directly into the bash command template.
- Boundary markers: The template uses double quotes around shell arguments but lacks instructions for the agent to sanitize or ignore instructions embedded within the data.
- Capability inventory: The skill utilizes shell execution via npx to perform operations.
- Sanitization: No sanitization logic or validation steps for external inputs are provided in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill fetches the @tvl-justin/travel-cli package from the official NPM registry at runtime. This is a vendor-owned resource from a well-known service.
- [DATA_EXFILTRATION]: The skill processes sensitive user information, including the last name and email address, to perform the requested cancellation.
Audit Metadata