cancel-booking

SUSPICIOUS: the skill’s stated purpose is coherent, but it delegates a destructive booking cancellation to an unpinned, externally fetched npm CLI whose publisher and official relationship to a real travel service were not verified. The main risk is supply-chain trust plus forwarding user PII to opaque third-party code for a real-world action.