travel-itinerary-content-planner

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted content from multiple sources, which could be leveraged for indirect prompt injection attacks.
  • Ingestion points: External data enters the system through itineraryThemeText (pasted text), travelResourceFile (uploaded documents), and destinationReferenceLink (external URLs), as defined in SKILL.md and references/form-schema.json.
  • Boundary markers: The skill does not provide clear delimiters or instructions to the agent to treat input data as untrusted or to ignore embedded commands within these inputs.
  • Capability inventory: The skill's operational capability is restricted to making network requests to the ai-skills.ai API via scripts/run.py. No local command execution or file system modification capabilities were detected.
  • Sanitization: The skill passes parameters directly to the API in JSON format without performing input validation or sanitization for potential injection patterns.
  • [EXTERNAL_DOWNLOADS]: The skill's execution runner performs network operations to a remote service.
  • Evidence: scripts/run.py connects to https://ai-skills.ai to execute the skill's logic.
  • Context: This behavior is consistent with the skill's stated purpose and infrastructure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — travel-itinerary-content-planner