flight-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill provides and encourages the use of unverified piped shell scripts for installation, which is a significant security risk. \n
- Evidence:
install.shcontainscurl -LsSf https://astral.sh/uv/install.sh | sh. \n - Evidence:
README.mdsuggestscurl -fsSL https://raw.githubusercontent.com/Olafs-World/flight-search/main/install.sh | bash. \n- COMMAND_EXECUTION (HIGH): A self-upgrade feature in the CLI executes system commands to update the package, providing a vector for RCE if the update source is hijacked. \n - Evidence:
flight_search/cli.pycontains thedo_upgradefunction which callssubprocess.runto execute dynamically constructed commands likeuv tool upgradeorpip install --upgrade. \n- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted external data from flight search results and has access to high-privilege shell execution capabilities. \n - Ingestion points:
flight_search/search.pyvia thefast-flightslibrary scraping Google Flights. \n - Boundary markers: Absent; raw flight data is processed and returned to the agent without delimitation. \n
- Capability inventory: The skill possesses
subprocess.runcapabilities (as seen incli.py). \n - Sanitization: No sanitization of external content is performed before returning it to the agent.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh, https://raw.githubusercontent.com/Olafs-World/flight-search/main/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata