srt-booking
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to install the SRTrain library and runs Python scripts using the sops exec-env wrapper for secure credential injection.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the SRTrain package from the Python Package Index (PyPI).
- [DATA_EXFILTRATION]: The skill accesses sensitive local files located at ~/.config/k-skill/secrets.env and ~/.config/k-skill/age/keys.txt to retrieve credentials for the SRT booking system. This access is handled securely using sops for encrypted environment variable injection.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data retrieved from external SRT servers.
  1. Ingestion points: SRT search results and reservation data processed in SKILL.md.
  2. Boundary markers: Absent; external data is printed directly into the agent context without delimiters.
  3. Capability inventory: Subprocess execution via sops and Python in SKILL.md.
  4. Sanitization: Absent; the skill prints library object representations without explicit filtering.