idfm-journey
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official IDFM PRIM API at prim.iledefrance-mobilites.fr. This is an official and trusted public transportation data service.
- [PROMPT_INJECTION]: The skill ingests data from external API responses (station names, journey directions, and incident messages). Ingestion points:
scripts/idfm.pyfetches transit data; Boundary markers: None explicitly used in script output; Capability inventory: No file system access, subprocess execution, or dynamic evaluation (eval/exec) capabilities are present; Sanitization: The script parses JSON but does not filter the text content. This represents a standard low-risk indirect input surface. - [COMMAND_EXECUTION]: The provided Python script uses standard library functions for processing and network requests; it does not invoke external system commands or subprocesses.
Audit Metadata