travel-concierge
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local CLI command
travel-concierge find-contactto process URLs and extract contact information. This is the core functionality and is used safely within the skill's context.- [EXTERNAL_DOWNLOADS]: No external downloads or remote script executions were detected. The skill uses local commands and optional configuration for the Google Places API.- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were found. The instructions clearly define how to process user-provided URLs.- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The documentation correctly identifies that API keys should be set via a configuration command (travel-concierge config set), which is a secure practice.- [DATA_EXFILTRATION]: No data exfiltration patterns were detected. The skill's primary purpose is to find and display contact information to the user within the agent context.- [NO_CODE]: The skill provides a standardvitest.config.tsfile for testing, which is a common and safe development configuration. It does not include any suspicious scripts or binaries.
Audit Metadata