google-hotels
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the agent-browser CLI tool through Bash to automate browsing sessions on Google Hotels and various hotel provider websites as detailed in SKILL.md and references/interaction-patterns.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes data from external, untrusted web environments.
  - Ingestion points: Untrusted data is ingested via browser snapshots from Google Hotels (google.com/travel/search) and independent hotel websites when checking for direct booking deals.
  - Boundary markers: The instructions do not define boundary markers or include safety directives to ignore embedded instructions within the crawled web content.
  - Capability inventory: The skill possesses capabilities for command execution (via Bash) and automated web navigation (via agent-browser).
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content extracted from browser snapshots before it is presented to the agent's context.
Audit Metadata