travel-concierge
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
travel-conciergeCLI tool to process travel URLs. This tool is a vendor-provided resource for the skill's primary functionality of finding contact information.\n- [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection by accepting untrusted input from user-supplied URLs.\n - Ingestion points: External URLs from booking platforms are passed directly into a shell command through the
travel-concierge find-contactinstruction.\n - Boundary markers: The URL is wrapped in double quotes in the command template, which acts as a basic but bypassable delimiter.\n
- Capability inventory: The skill performs local CLI command execution using the
travel-conciergeutility.\n - Sanitization: There is no mention of input sanitization or validation of the URL structure before it is used in the command execution.
Audit Metadata