camino-fitness-finder

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The shell script scripts/fitness-finder.sh processes user-supplied JSON input using jq. It properly URI-encodes the query parameter to prevent command injection or malformed requests when calling the API via curl.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installation from the author's GitHub repository (github.com/barneyjm/camino-skills) using the npx skills command, which is a standard practice for extending agent capabilities.
  • [SAFE]: Data is sent exclusively to the official Camino AI domain (api.getcamino.ai). Authentication is managed through a standard environment variable (CAMINO_API_KEY), adhering to best practices for API credential handling.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:16 AM
Security Audit — agent-trust-hub — camino-fitness-finder