travel-itinerary-content-planner
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from multiple sources, which could be leveraged for indirect prompt injection attacks.
- Ingestion points: External data enters the system through
itineraryThemeText(pasted text),travelResourceFile(uploaded documents), anddestinationReferenceLink(external URLs), as defined inSKILL.mdandreferences/form-schema.json. - Boundary markers: The skill does not provide clear delimiters or instructions to the agent to treat input data as untrusted or to ignore embedded commands within these inputs.
- Capability inventory: The skill's operational capability is restricted to making network requests to the
ai-skills.aiAPI viascripts/run.py. No local command execution or file system modification capabilities were detected. - Sanitization: The skill passes parameters directly to the API in JSON format without performing input validation or sanitization for potential injection patterns.
- [EXTERNAL_DOWNLOADS]: The skill's execution runner performs network operations to a remote service.
- Evidence:
scripts/run.pyconnects tohttps://ai-skills.aito execute the skill's logic. - Context: This behavior is consistent with the skill's stated purpose and infrastructure.
Audit Metadata