Skills
skills/silkyland/hospitable-skill/hospitable-api/Gen Agent Trust Hub

hospitable-api

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill processes data from third parties that could contain malicious instructions.
  • Ingestion points: Untrusted data enters via client.ts through methods such as reservations.listMessages, inquiries.list, and reviews.list.
  • Boundary markers: Instructions in SKILL.md and rules.md do not define delimiters for external data.
  • Capability inventory: The agent can execute write actions via client.ts including reservations.sendMessage, calendar.update, and shortcodes.set.
  • Sanitization: The skill does not implement validation or escaping of the fetched API content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 08:43 AM