flightclaw
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill attempts to install a Python package named 'flights' in setup.sh. On the public PyPI registry, this package name belongs to an outdated project that does not provide the 'fli' module imported by the skill's scripts. This discrepancy indicates an unverifiable dependency that may lead to installation failures or the loading of unintended code.
- [COMMAND_EXECUTION]: The skill defines several scripts for searching and tracking flights that involve executing Python commands with user-provided arguments (e.g., airport codes, dates). These include search-flights.py, track-flight.py, and check-prices.py.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external flight data from the Google Flights API.
  - Ingestion points: Flight data is fetched from the Google Flights service in scripts/search_utils.py and processed in various scripts.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potentially malicious content within the search results.
  - Capability inventory: The skill has the capability to write to local storage (data/tracked.json) and perform network operations to Google's infrastructure.
  - Sanitization: No sanitization or validation is performed on the text fields (such as airline names or airport descriptions) returned by the API before they are presented to the agent.
Audit Metadata