travel
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local 'alma' CLI commands for tracking travel status, recording events, and modifying personality traits. It also uses shell redirection to write diary files to the ~/.config/alma/travels/ directory.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from external web searches. 1. Ingestion points: Destination information and local tips retrieved via the WebSearch tool. 2. Boundary markers: No explicit markers are defined to distinguish search results from system instructions. 3. Capability inventory: Includes full Bash access for state management and the ability to modify core personality files like SOUL.md. 4. Sanitization: There is no requirement for the agent to sanitize or validate the data fetched from the web before it is used to influence actions or generated content.
Audit Metadata